Why is data identifiability better described as a spectrum than as a simple "personal vs anonymous" switch?
Because data passes through several intermediate degrees — pseudonymous, then de-identified, then anonymous — as more identifiers are removed and stronger safeguards are added.
* Identifiability is a gradient — de-identified sits between pseudonymous and anonymous. *
The Future of Privacy Forum's "Visual Guide to Practical Data De-Identification" lays out the gradient. Reading from most to least identifiable:
- Explicitly personal — direct identifiers intact (name, address, SSN).
- Pseudonymous — direct identifiers replaced with a key/pseudonym, but indirect identifiers stay intact and a curator may hold the key.
- De-identified — direct and known indirect identifiers are removed, generalized, perturbed, or swapped to break the link to real identities.
- Anonymous — direct and indirect identifiers removed/manipulated with mathematical and technical guarantees against re-identification (e.g. differential privacy, heavy aggregation).
Each step is also modulated by safeguards and controls (legal, organizational, technical) — the same transformed data can sit at a stronger point on the spectrum when access controls and contracts back it up.
Tip: "De-identified" is not a synonym for "anonymous." It sits between pseudonymous and anonymous — identifiers are gone, but without the formal guarantees that make data truly anonymous.
Go deeper:
A Visual Guide to Practical Data De-Identification (FPF) — the exact spectrum chart this card describes.