CanucktAI
Glossary

De-identification

De-identification is the process of removing or masking direct identifiers so data no longer directly names a person, while accepting that re-identification may still be possible.

De-identification strips or masks the fields that obviously point to someone — name, SIN, email — often replacing them with pseudonyms or tokens. It reduces risk but does not make data fully anonymous: with enough auxiliary information, de-identified records can sometimes be re-linked to individuals.

Quebec’s Law 25 defines de-identified information as data that *no longer allows a person to be directly identified*, and it remains personal information subject to the law. You must apply reasonable measures to guard against re-identification and may only use it for the purposes the law permits.

Use de-identification when you still need record-level detail (analytics, testing, research) but want to limit exposure. When you need data that falls *outside* privacy law entirely, you need true anonymization instead.

Our own compliance

We run our own compliance programme inside Valdra — the product we sell. Our SOC 2, ISO 27001 and ISO 42001 programmes are actively in progress; we do not claim certifications we do not yet hold.

Valdra compliance badge — click to verify
  • PIPEDA
  • Law 25 (Quebec)
  • CASL
  • Data hosted in Canada 🇨🇦
  • AI governance
View our Trust Centre

Self-declared, not audited by a third party. Click the badge to verify it is genuine and see what it covers.

De-identification — definition | Canuckt AI