Protecting personal data through de-identification and pseudonymization
At Nuance, we create products that positively impact the world—transforming the way we work, connect, and interact with each other. Our solutions benefit organizations by making them more effective. And you may personally experience the benefits of our solutions directly or indirectly through a streamlined healthcare encounter or a customer service experience at your bank, airline, or retailer.
We work closely with our customers to help provide the accurate voice recognition technology that meets their specific needs and the evolving ways that they engage with their patients and consumers. With terminology constantly evolving in both technical fields and common parlance, we ally with our customers’ domain experts to ensure a fluid experience with our technology.
An essential aspect of the benefits that we offer is our approach to processing personal information and sensitive or special category data. We believe it is critical to protect this information and to use it safely, securely, responsibly, and proportionally. At Nuance, we are committed to safeguarding the personal information and the data we hold. We employ sophisticated data handling methods to guard an individual’s privacy while ensuring that the data remains useful for the purpose and support that people require.
Data protection of audio and text data requires careful management. Due to audio data’s unique nature, a person may be identifiable not just by what is said, but also by the distinctive sound of their voice. Therefore, we conscientiously capture, structure, and secure this data to preserve the privacy of those who interact with our products.
In parallel with the phenomenal technological advances we have seen in the past several years, consumers are becoming more discerning about the businesses they support. One factor in that preference is the degree to which a business is vigilant about personal information safeguards.
In response, an increasing number of jurisdictions are introducing or strengthening their privacy laws. The requirements of these laws differ not just from country to country but often from region to region or from industry to industry, as well. As a result, Nuance operates in a diverse and dynamic legal landscape. As a global company, we monitor evolving worldwide privacy and data protection laws and regulations and are firmly committed to meeting or exceeding new requirements that apply to our business.
In July 2020 the Court of Justice of the European Union issued a decision commonly known as Schrems II. This decision and subsequent Guidance issued in June 2021 by the European Data Protection Board and the European Commission have impacted companies and organizations worldwide, making it clear that additional supplemental measures are needed when processing or transferring personal data. We evaluated the protocols we rely on to protect personal data, including encryption, de-identification, pseudonymization, masking, and other measures, to ensure that such protocols align with evolving legal requirements.
Among such protocols are measures that reduce the chances of identifying an individual within a data set. Our process typically involves changing the data such that there is not a practical chance to identify an individual within a data set. Such practices are consistent with our broader privacy strategy best practices, which include only using the specific data needed in a particular context (data minimization) and only using a particular data set if it is critical. These measures work together to help protect people’s privacy.
As part of our data risk management and risk reduction strategy, we have engaged several third parties, including Privacy Analytics, to review our de-identification and pseudonymization processes, and sensitive data handling practices, along with our broader privacy programs.
Privacy Analytics (Open a new window)is an IQVIA company that provides data anonymization services and software. For the past 15 years, they have worked with more than 200 organizations—many of which have developed innovative products that rely on sensitive data to provide benefits to everyone.
Privacy Analytics reviewed our de-identification and pseudonymization measures across various products and services and found the design of our practices to be effective. Our engagement with them included recommendations that strengthen our processes and privacy framework. We took these recommendations and are implementing them.
We believe that ongoing program improvements like these are necessary and fundamental to make Nuance privacy safeguards more robust and resilient. They provide our clients—and their end-users—with added confidence that data protection is among the benefits they enjoy from the products they love.