On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.
The guidance provides examples of how controllers can make the re-identification of hashed messages more difficult. These examples include encrypting the message (prior to hashing), encrypting the hash value, or adding “salt” or “noise” (i.e., a random number) to the original message.
Source: Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes