Octobox Anonymisation

The purpose of Octobox Anonymise is to support Zaanstad municipality in securely and efficiently varnishing privacy-sensitive information in documents. Octobox makes suggestions for varnishing information to be protected. Employees can accept or reject the suggestions. There are no automatic decisions, so the impact is low.

The Woo has (relative and absolute) legal grounds for exceptions that determine when information is withheld. The AVG also provides for this, to protect personal data. The municipality's application of these grounds for exception is an existing process. Octobox anonymise automates this process, by recognising information to be protected. The use of Octobox is justified because (trained) employees must always approve, modify or reject the suggestion of Octobox.

Octobox's software works on the basis of a setup document set up by the municipality. Using this setup document, the municipality can determine which categories of information the software lacquers in draft. Examples include people's names, BSN numbers, or signatures. The lacquering employee maintains control by approving, modifying or rejecting a proposal.

The biggest risk is that information is incorrectly lacquered or accidentally disclosed anyway, which can lead to violation of privacy laws (such as the AVG), reputational damage for the municipality, or harm to affected individuals (such as identity theft or misuse of data). These risks are mitigated by mandatory human control: Octobox only makes suggestions and employees make the final decision. In addition, employees are trained in the use of Octobox and additional guidelines are available.

General Data Protection Regulation (AVG), General Administrative Law Act (AWB), Disclosure Act, Open Government Act (WOO), Electronic Publications Act (WEP).

The algorithm processes complete documents reviewed for disclosure, such as Woo requests, policy documents, reports or e-mails. These documents may contain any type of information, including personal data such as names, addresses, phone numbers, e-mail addresses, dates of birth, BSN numbers, financial data or signatures. Octobox scans the entire document to detect possible information to be protected. Thus, the algorithm is not limited to specific data categories but works on the total content of the document.

Octobox Anonymise works on the basis of 1) algorithms to search in the context of data 2) value lists that allow automatic recognition of terms and 3) Natural Language Processing (NLP). NLP can classify texts by recognising what the subject of the sentence is or what, for example, a verb or name is. The software uses underlying open source engines such as SpaCy and Yolo where labels are assigned to recognised entities - these are then validated again by Octobox and if within the confidence zone will be accepted for review by user before being finalised.