Actuarial dataset de-identification is the removal of personal data from a pricing extract. Once it is truly anonymous, it is no longer personal data under GDPR Recital 26 and falls outside the law. anonym.plus does this on an EU device.
When this applies
Pricing and reserving work lean on large extracts of historical rows. Sending those to a cloud tool is a disclosure risk. Local work avoids it.
How anonym.plus handles it
- Point anonym.plus at the export folder on your server.
- It scans the ID columns and any free-text fields.
- Steady aliases keep cohort joins intact.
- Turn off the re-link key for true anonymity.
- Review the summary and tune the column rules.
- Save the clean table on your device.
What you need to provide
- The extract as CSV, JSON, or a bundle.
- A column map for known ID fields.
- Replace with the re-link key off for full anonymity.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | insured_name → [PERSON_n] |
| Member ID | US_HEALTH_PLAN_BENEFICIARY | policy_id → [POLICY_n] |
| Dates | DATE_TIME | incept_date → shifted [DATE] |
| Age | AGE | exact age 91 → [AGE_90+] |
| Address | LOCATION | postcode → [REGION] |
| Account | ACCOUNT_NUMBER | acct field → [ACCOUNT_n] |
Compliance achieved
- True anonymity puts the table outside scope by GDPR Recital 26.
- Strips GDPR Art. 9 health identifiers from the rows.
- On-device work supports EU data residency.
- Keeps cohort links steady, so the table stays useful for modelling.
Anonymize actuarial datasets offline — see plans & start free →
Limitations & cautions
An exact age above 89 is a re-identification risk and is grouped to 90+. A rare claim outlier in a small region can still narrow identity. Weigh the residual risk and keep no re-link key before you treat the table as anonymous.
Frequently asked questions
Why is age above 89 grouped?
Very high ages point to few people, so they raise re-identification risk. The tool buckets them into a 90+ band to lower that risk.
Can cohorts stay linkable after the swap?
Only with an alias map, which makes the result pseudonymous. For true anonymity, turn the map off so no key remains.
Does modelling still work on the clean table?
Yes. Aliases keep joins steady, so cohort models run while no real identity is left.