Like I said, modern privacy standards. The US is still quite far behind: I've had to do HIPAA training and it shows.
I'd advise you to set your bar a lot higher than your national standards if you ever plan to do international products: nobody in the US will complain if you use stricter definitions but you'll instantly be rejected in Europe if you call that pseudonymization.
What bar are you talking about? We use the state of the art to treat indirect identifiers without pseudonymization, but we pseudonymize as needed if that’s overkill. The bar is set very high for our service. Sadly, very few companies are actually interested in treating indirect identifiers or consider anything besides direct identifiers a problem.
I’m familiar with GDPR, we work with EU companies, and all the ones we work with use original definition. NIST link aside, these terms are hardly standards anyway. They are nearly colloquial vocabulary, which unfortunately in this space I expect to remain imprecise and vague. This why we generally only use it in marketing and comms, while in the actual product we drill down into specifications for direct and indirect identifiers, distortion, and risk.
See section about the new definition under GDPR.
Like I said, modern privacy standards. The US is still quite far behind: I've had to do HIPAA training and it shows.
I'd advise you to set your bar a lot higher than your national standards if you ever plan to do international products: nobody in the US will complain if you use stricter definitions but you'll instantly be rejected in Europe if you call that pseudonymization.