On February 5, 2024, the Personal Information Protection Commission (PIPC) released the revised 'Guidelines for Processing Pseudonymous Data' (the Guidelines). This revision addresses the limitations of the existing guidelines, which only provided processing standards for structured data. The Guidelines aim to establish pseudonymization standards for unstructured data - such as images, videos, audio, and text - which are crucial for the development of artificial intelligence (AI) technologies.
In the Guidelines, the PIPC provides methods and specific examples of pseudonymization regarding unstructured data. In addition, the PIPC explains in more detail the important points to consider for each phase of pseudonymization (pre-preparation, risk review, pseudonymization, appropriateness review, and safe management). As it is not practically possible to eliminate all the various risks that may arise in the course of AI development and use, the Guidelines also focus on post-management. Timothy Dickens, from DR & AJU LLC, explores the different scenarios discussed in the Guidelines where unstructured data was successfully pseudonymized.