Preserving Data Anonymization in the Age of AI: A Working Solution Examined

The anatomy of effective de-identification: key components and techniques

In this section, we'll go over the key parts of the ELEKS' data anonymization solution, outline the main challenges, and show how our approach tackles them.

Technical architecture of the anonymization solution

When a user submits text for anonymization, it goes through two main stages:

• Recognition of the named entities
• Replacement of those entities using a selected anonymization strategy.

The process begins with an analyzer that is responsible for detecting potentially sensitive data within the input text. Besides personally identifiable information (PII) such as names and dates, the analyzer can detect a wider range of entities, including addresses, company names, web identifiers, and various types of numerical data, such as cardinals and ordinals. In total, it supports the recognition of around 30 distinct entity types. This component is built on top of the Presidio framework, which combines deep learning-based named entity recognition (NER), regex matching, and context-based enhancement. We've combined and configured its core capabilities to better handle real-world inputs:

• NER: We use spaCy's transformer-based en_core_web_trf model (a fine-tuned RoBERTa). After evaluating alternatives like Stanford's deidentifier, Stanza, and Flair, we found that spaCy offered the best balance of speed and entity coverage;
• Regex: In addition to Presidio's built-in patterns, we introduced custom recognizers to detect a wider range of phone numbers, numeric values (in both digit and word forms), and address formats.
• Context enhancement: To improve confidence scoring, we used spaCy's word stemming and added our parameters to weigh the surrounding context and boost precision.

Protect your data

Data anonymization techniques

Once the sensitive data has been identified, the next step is to replace it with alternative values directly within the text. Depending on the use case, this can be done in one of three ways:

• by generating a contextually relevant replacement,
• masking the entity with its type and a unique identifier,
• removing the entity entirely.

Data masking and removing the entity entirely are relatively straightforward approaches. Therefore, in the following paragraphs, we'll focus on the first approach and explain how context-aware replacements are generated.

In the contextual replacement approach, entities are processed individually, relying on the information embedded within them, such as their type, format, or cultural and geographical context. In some cases, the entity's structure is enough to create a realistic replacement. For example, data elements like national ID numbers, passport codes, or IP addresses follow a predefined format, so they can be replaced with random but similar-looking values.

We used the Faker framework, which has built-in tools for generating fake but believable data. However, other entities, such as credit card numbers, IBANs, and phone numbers, need more careful handling to keep important details. For these, we implement custom transformers: the generated credit card matches the original issuer and passes checksum validation; IBAN codes follow the correct country format and are kept valid; phone numbers preserve their structure by replacing only the last few digits.

Transform data into assets

Similarly, dates require a separate handling strategy due to the various formats they can appear in. While existing tools can detect and extract dates from text, none provide a clean way to infer and preserve the original format, such as whether the date includes time, uses ordinals, or follows a specific value order (e.g., day-first vs. month-first). To address this, we implemented a custom handler that first analyses and stores the input format before generating a synthetic replacement. The replacement itself is produced by applying controlled shifts: times are adjusted by a random number of seconds or minutes within a small range, dates are shifted by a few weeks to ensure the month changes while keeping the seasonal context, and years are randomly changed within a range of one to five years.

Another category we handle separately is numeric values, which are recognized as entities such as CARDINAL, ORDINAL, PERCENT, MONEY, and QUANTITY. These values can appear in various formats: may be written as digits or words, expressed as cardinals or ordinals, and represented as integers or floating-point numbers. To accurately reproduce these formats in anonymized output, we use regex-based pattern matching to identify their structure by preserving details such as precision and the use of separators like commas or periods. The anonymized value is then generated by adjusting the original using a scaling factor within a ±10% range (from 0.9 to 1.1). For cases where a more controlled output is needed, a custom operation, such as multiplication or addition with a fixed operand, can also be applied to ensure consistent transformations.

The most challenging part of anonymization was replacing free-text values like names of people, companies, addresses, or buildings. At first, we tried breaking these entities into individual words and finding similar ones using word embeddings like FastText. However, this method often produced unnatural results, as breaking values into separate words ignored their meaning as a whole. So, we decided to give a try with small language models to generate replacements in a smarter way. We tested several options, including LLaMA, Phi, distilled GPTs, and Qwen. LLaMA and Qwen gave the best results, while LLaMA struggled with personal names, likely due to safety filters. Qwen performed better overall, especially in its quantized version. We chose Qwen2.5 0.5B (Q8_0, ~675 MB) for its good balance of quality and speed.

Additionally, finding the right prompt for these models wasn’t straightforward. We tried many different options, changing how we described the entity, whether to include examples, and how much guidance to give the model. Some of the early prompts led to problems, such as repeating parts of the original text or producing unrelated results. Eventually, we found a short and clear prompt that provided stable and useful outputs without revealing sensitive information.

Data decoding process

By integrating all components described above, we developed a system that produces high-quality anonymized text while preserving structure and meaning. But one important piece was still missing: deanonymization. To make the anonymized text usable for tasks like analysis or transformation, we developed two methods: one based on exact matching, and another that supports fuzzy matching to handle slight changes within entities. With these in place, the system offers a full end-to-end data anonymization pipeline. The image below illustrates the complete workflow, showing detected entities, their replacements, and how users can copy anonymized text into an LLM, retrieve results, and deanonymize them if needed.

Conclusions

As AI becomes more integrated into our lives and business processes, data anonymization tools create a bridge between privacy requirements and technological advancement.

Our data anonymization tool tries to balance data privacy with AI utility. It replaces sensitive information with contextually suitable alternatives created locally, without relying on external services or cloud-based models. This way, users can fully leverage AI tools without exposing confidential data.

There’s still room for improvement. Our team plans to improve the handling of gender consistency during person name synthesis, improve entity recognition on noisy or informal input, support cross-entity conditions where values are dependent on one another, and develop specialized modes for medical texts and patent or IP-related documents where domain-specific patterns and sensitivities need special attention.

Get a privacy-first cloud solutions