Overview#
The Pseudonymisation and Controlled Disclosure Workflows module gives investigation, legal, and research teams a governed way to create scoped pseudonyms, reuse them consistently across a case or disclosure package, render pseudonym maps into documents, and reveal a real identity only through an audited justification flow.
Investigators, legal teams, and researchers often need to circulate useful case material before they are allowed to reveal the real identities behind every person or organisation in that material. If pseudonyms are applied manually, the same subject may receive three different aliases across three different documents, and every later disclosure review turns into a reconciliation exercise. This module is designed for disclosure, legal review, research, and secondary-use reporting where privacy and traceability matter at the same time.
Key Features#
- Scope-Based Pseudonyms: Create a stable pseudonym for a real entity within a defined scope such as a case, export, or disclosure bundle.
- Consistent Registry: Reuse the same pseudonym throughout the scope so reviewers are not forced to reconcile multiple aliases for the same subject.
- Document-Ready Maps: Produce a pseudonym map that downstream document generation and disclosure workflows can apply automatically.
- Controlled Identity Reveal: Allow authorised users to reverse a pseudonym only with a recorded reason. Access to a full pseudonym map requires a dedicated reveal privilege, and every use of that privilege generates an audit event.
- Case-Scoped Reveal Enforcement: Individual de-pseudonymisation checks the caller's access to the underlying case before returning anything, and reveal results include the real name only for authorised callers.
- Readable Pseudonym Handles: Case workspaces display consent subjects and case participants by human-readable pseudonym handle, never by raw system identifiers.
- Pseudonym Registry Panel: A registry panel inside the case workspace gives case teams one place to view and manage protected identities.
- Reveal Audit Trail: Preserve a complete log of de-pseudonymisation actions for legal and governance review.
- Secondary-Use Protection: Support analytics, briefing, and research exports that do not need direct identity exposure.
- List and Review Views: Give reviewers a governed way to inspect pseudonym sets, scopes, and reveal history. Listing pseudonyms never exposes the underlying real identities without an explicit, audited reveal.
Use Cases#
- Disclosure Bundle Preparation: A disclosure officer with the reveal privilege resolves identities for a court bundle while ordinary case members continue to work with pseudonyms across statements, notes, and attachments.
- Conflict-of-Interest Inquiry: Reviewers examine a sensitive case entirely through pseudonym handles, and only cleared staff can perform the audited step that reveals a subject's real name.
- Research Export: A service shares a pseudonymised dataset for service-improvement work without releasing direct identifiers.
- Partner Briefing: A multi-agency briefing circulates relationship context and behaviour patterns while identities remain protected until a later stage.
- Witness and Subject Protection: Sensitive individuals are masked in routine working material while authorised staff retain a governed reveal path.
- Court or Oversight Query: A reviewer requests a justified reveal of one pseudonym, and oversight can later list every reveal event, by whom, and for which case.
Integration#
- Disclosure and Court Filing Workflows: Pseudonym maps can be applied during disclosure-pack preparation and later partially reversed where permitted.
- Export and Reporting Services: Secondary-use datasets can be generated from the same governed pseudonym registry instead of ad hoc masking.
- Document Generation: Renderers can substitute pseudonyms directly into human-readable documents and summaries.
- Audit and Compliance Services: Reveal requests and results feed the wider immutable audit trail.
- Case and Investigation Workspaces: Teams see readable pseudonym handles throughout the workspace and manage protected identities from the registry panel in the same scope as the underlying case material.
Open Standards#
- ISO/IEC 20889: the workflow aligns with a recognised standard for privacy-enhancing de-identification techniques.
- W3C PROV-DM: pseudonym creation and reveal events can be represented as a provenance trail for accountability.
- RFC 8259 JSON: pseudonym maps and disclosure payloads can be exchanged in a standard structured format.
- ISO 8601: creation and reveal timestamps use a standard date-time representation.
- Unicode: pseudonyms and rendered text can preserve multilingual names and document content consistently across systems.
Last Reviewed: 2026-07-16 Last Updated: 2026-07-16