On this page you will find information about the data anonymization tool for JOIN Business & Document. With this tool you, as a (technical) administrator, are able to completely anonymize personal information (names, telephone numbers, email addresses) that is in JOIN (e.g. address registrations, cases and documents). This page explains how the tool works and how it can be installed and run.
Anonymization is a good method to make personal data suitable for testing and/or analytical purposes. Anonymization is valuable when you want to be able to work in a (partially or fully) equipped DTAP structure with relevant data in, for example, a test or acceptance environment, without this data being traceable to a person. Anonymization can also be valuable when an organization wants to retain data for analytical or statistical purposes, but tracing it back to individuals is no longer necessary or legitimate.
Note: Anonymization is a form of encryption that is not reversible: once personal data has been stripped of identifying data, it is no longer possible to associate it with people again later. We therefore strongly recommend that you do not use this tool in a production environment. You use the tool to copy a dataset from production to test/acceptance, whereby the personal data included in the dataset can no longer be traced.
After anonymization, you again fully comply with the requirements set by the GDPR. Anonymized data is no longer personal data according to the GDPR. Do remember to discuss the anonymization beforehand with the GDPR officer in your organization.
The tool is installed on your test or acceptance environment (with a connection to the database). The tool is a console executable that connects based on the decosadmin.ini (just like, for example, the exportDBnet tool, with which you can easily make an export of your (production) database).
Important: the execution of the tool is irreversible: once data has been anonymized, this cannot be reversed.
As soon as you have activated the tool, we first check whether the dataset is a production dataset. We do this on the basis of the name we come across in the database. If we come across the name “accept” or “test”, the tool assumes that this is a test set that may be anonymized. In all other cases (such as, for example, production), confirmation is first requested before the tool actually starts processing and anonymizing the data.
The tool accepts the following parameters to limit the amount of data to be anonymized:
LEGALID: anonymizes all first names, surnames and social security numbers of all addresses in the system.
When the tool is run, a control file is generated showing all anonymized values (and the “was” value). Think carefully about where you keep this control file (not in the same environment, or delete it after the run and verification).
Finally, when using JOIN Search (Elastic Search) it is important that the search index is also rebuilt. After successfully running the anonymization tool, make sure the JOIN Search bulk indexer is run once.
As soon as the tool has been started and it has been concluded that it is a test or acceptance environment, the tool asks whether user names in the system should also be anonymized. If you confirm this, keep in mind that the user information can no longer be traced (since the user Abe Batens is now called Gaby Veldman).
All personal information in the system is anonymized: for example, last names, first names, email addresses, telephone numbers, citizen service numbers, etc. The tool not only looks at common fields in the data model where these data occur (COMPANY, EMAIL1, LEGALID), but also searches the entire database for a surname, for example. random surname.
All social security numbers, telephone numbers, e-mail addresses and name details found in the system are replaced with another value by the tool. In the case of a BSN, we also ensure that the value is replaced by a BSN that meets the 11-test, but can no longer be traced back to a person in the system.
The anonymization tool also takes free text into account (for example the SUBJECT1 and SUBJECT2 fields, but also the MEMO fields where, for example, the content of files is stored). The content of paragraphs in the JOIN Decision-making module is also anonymized.
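An added example (not the tool's own code, which this page does not show) of how a replacement BSN that meets the 11-test can be generated without landing on a value already present in the dataset. The function names and sample values are assumptions; the weights 9 down to 2 and -1 are the standard 11-test for a nine-digit BSN.

```python
import secrets

# Weights of the 11-test for a 9-digit BSN; the last digit counts as -1.
WEIGHTS = (9, 8, 7, 6, 5, 4, 3, 2, -1)


def passes_11_test(bsn: str) -> bool:
    """True if bsn is nine ASCII digits whose weighted sum is a multiple of 11."""
    if len(bsn) != 9 or not (bsn.isascii() and bsn.isdigit()):
        return False
    if bsn == "000000000":  # weighted sum 0 divides by 11, but is not a number
        return False
    return sum(w * int(d) for w, d in zip(WEIGHTS, bsn)) % 11 == 0


def random_valid_bsn() -> str:
    """Draw eight random digits and derive the ninth so the 11-test holds."""
    while True:
        head = [secrets.randbelow(10) for _ in range(8)]
        check = sum(w * d for w, d in zip(WEIGHTS, head)) % 11
        if check == 10:  # no single digit can satisfy the test; draw again
            continue
        bsn = "".join(map(str, head)) + str(check)
        if passes_11_test(bsn):
            return bsn


def replace_bsns(originals):
    """Map each original BSN to a fresh valid one that is not already in use."""
    in_use = set(originals)  # replacements must not land on a real value
    mapping = {}
    for old in originals:
        if old in mapping:  # same person seen again: keep rows consistent
            continue
        new = random_valid_bsn()
        while new in in_use:
            new = random_valid_bsn()
        in_use.add(new)
        mapping[old] = new
    return mapping  # old -> new pairs: as sensitive as the tool's control file


if __name__ == "__main__":
    # Constructed sample values, not taken from any real dataset.
    sample = ["111222333", "123456782", "111222333"]
    for old, new in replace_bsns(sample).items():
        print(old, "->", new)
```

The returned mapping holds the same "was"/"new" pairs as the control file described above, which is why that file has to be stored away from the anonymized environment or deleted.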
Example: a personal registration contains the surname Batens with first name Abe and BSN 170817110. After the anonymization run, the surname Appelman with first name Gaby and BSN 191204765 is listed here.
Yes. But not in the actual files. The content text in files and scans is written to the MEMO field in JOIN. Personal information that we come across in these texts is also anonymized. We therefore advise you never to export files from production to a test environment. However, you can replace the files in question with dummy files.
Yes. In addition to data from registrations (items and item fields), personal data from the objects workflow, files and scans is anonymized by the tool.
By default we support:
Obviously, this depends on the amount of data to be converted in your system.
We cannot estimate exactly how long the anonymization will take because it depends on several factors over which we have no influence. Unfortunately, we do not yet have any concrete information about the turnaround time. We will add to this in the wiki as soon as it is known.
Yes. You need a valid ANON license to use the tool. Without this license, the tool will not be started and anonymization is not possible. Contact your commercial contact person at Decos to discuss the possibilities.
Yes! Typing “?” on the tool's command line displays the HELP function.
The log files are created after running the tool in the directory \AnonymizeDB\bin\Debug. In addition, if you choose to anonymize usernames and user roles, a log file is created in the main directory of the tool: “UpdatedUserNameAndRoles.txt”. In this file you will find the old name and the new name.
With our colleagues from JOIN Support. You can create a ticket via joinsupport.decos.nl. Of course you can always ask questions!