A company wants to use data containing personally identifiable information for analysis and ML training while protecting privacy. Which option represents the effort to achieve this through processing such as anonymization and masking?
Choosing the effort that analyzes data while protecting privacy.
Data residency
Data residency is a requirement about the physical location (country or region) where data is stored.
It is a privacy-related term, but not the effort that achieves both analysis and protection through anonymization and masking, so it is incorrect.
Encryption at rest
Encryption at rest is a measure that puts stored data into an unreadable form to protect it from theft.
However, decryption reveals the original personal information as is, so its mechanism differs from the goal of anonymization and masking, which is to 'protect data while still using it for analysis,' and it is incorrect.
Privacy-enhancing technologies
Correct. Privacy-enhancing technologies (PETs) are the collective term for efforts that protect individuals' privacy while still using the data, through anonymization, masking, pseudonymization, differential privacy, and so on.
Auditing of access logs
Auditing of access logs is a governance effort that tracks after the fact who touched the data.
It is not a technology that protects the data itself through anonymization and masking, so it is incorrect.
'Making individuals unidentifiable while still using the data for analysis' is what privacy-enhancing technologies (anonymization, masking, pseudonymization, and so on) do. Even among privacy-related items, data residency is about storage location, encryption is a theft countermeasure (decryption reveals the data), and log auditing is after-the-fact tracking; the difference is that PETs process the data itself to protect it.