There are several ways to pseudonymize data in the system to protect individuals and ensure that personal information is used appropriately.
One of the more powerful features in the system is the ability to recognize responses from the same person, such as the same customer or employee, so that you can track their entire experience across different measurements. To accomplish this, a key is required that allows the system to recognize the person over time, even if personal information is pseudonymized.
Such a key could be a customer number or an email address. We generally do not recommend using sensitive personal information (e.g., social security number) for this purpose.
Since we have functionality to automatically delete personal information, a key would be destroyed during deletion. Therefore, there is a function to pseudonymize the key. You can then use the pseudonymized key to collect responses from the same person.
To use the functionality
- Choose which background variable is a unique key to recognize responses from the same person. E.g., Customer number.
- In DialogManager, under background data settings, choose to retrieve the information (customer number) and pseudonymize it into another background variable that you could call "pseudonym".
- The system will now create unique pseudonym keys and store them in the new background variable. The new variable can then be used to link responses from the same respondent in Analytics and Workbook.
- You can delete the original information (customer number) by marking it as personal data. However, you should not mark your pseudonym variable as personal data because it will also be deleted.
Security
Each pseudonym value is unique for each key value. E.g., two different customer numbers cannot have the same pseudonym and be merged by mistake. It is not possible to derive the customer number from the pseudonym unless you have the customer number. Therefore, there is no encryption key to decrypt a pseudonym.