取消个人数据标识De-identification of personal data

为了阻止泄露个人数据,Workplace Analytics 使用化名和其他技术(如聚合)来取消标识个人数据。To keep from disclosing personal data, Workplace Analytics de-identifies an individual's data through the use of pseudonymization and other techniques, such as aggregation.

以下 说明性示例 介绍了 Workplace Analytics 如何保护查询结果中的信息。The following illustrative example describes how Workplace Analytics secures information in query results. 有关如何取消标识各种类型的数据的更多示例,请参阅分析表的"数据类型"中的"示例"列。 For more examples of how various types of data are de-identified, see the Examples column in the Types of data for analysis table.

有关 与隐私相关的 术语的定义,请参阅术语表,例如聚合、匿名化、去标识、哈希和个人数据。See the Glossary for definitions of the terms related to privacy, such as: aggregation, anonymization, de-identification, hashing, and personal data.

Note

为了平衡保护个人隐私和提供有用信息的要求,Workplace Analytics 正在逐渐合并一种称为差异隐私的细微差别 方法To balance the requirements of protecting individual privacy and providing useful information, Workplace Analytics is gradually incorporating a nuanced approach known as differential privacy.

说明性示例Illustrative example

使用 Workplace Analytics,从 Microsoft 365 协作数据和选择包含的组织数据计算的所有指标都是已取消标识和聚合的数据。With Workplace Analytics, all metrics that are computed from Microsoft 365 collaboration data and from the organizational data that you choose to include are de-identified and aggregated data. 以下示例显示 Workplace Analytics 创建的"人员"报告中的一行:The following example shows one line from a “people” report that Workplace Analytics created:

人员标识符Person Identifier 工时后After Hours 电子邮件小时数Email Hours 函数Function 标题Title 组织Org 地区Region
T5Y07H4OvkWcCC3T5Y07H4VfKWcCC3 7 7 6 6 HRHR 主管Director HR – CorpHR – Corp CentralCentral

本示例中,Workplace Analytics 计算某些个人的"营业时间"和"电子邮件时间",并报告此信息,并将其与选择包含的人的属性相关联。In this example, Workplace Analytics computes After Hours and Email Hours for some individual, and reports on this information, associating it with the person’s attributes that you choose to include. 已取消标识计算的信息;也就是说,您无法从这些字段中标识个人。The computed information is de-identified; that is, you cannot identify the individual from these fields. 人员标识符使用从此人的 Microsoft 365 电子邮件地址派生的加密生成的标识符进行假名化。The Person Identifier is pseudonymized with a cryptographically generated identifier derived from the person’s Microsoft 365 email address. 函数、 (、组织和地区) 属性实际上是个人数据。The other attributes (Function, Title, Org, and Region) are effectively personal data. 虽然可能无法用任何单个属性标识用户,但这些属性一起可能使您能够标识已计算其指标的用户。While it might not be possible to identify the user with any single attribute, together these attributes might enable you to identify the user whose metrics have been computed. 因此,这组属性被视为个人数据。Therefore, this group of attributes is considered personal data.