Anonymizing the test subject’s data means removing or masking any personally identifiable information (PII) that could be used to identify or trace the individual. This can help to protect the privacy and confidentiality of the test subjects, as well as comply with the data protection laws and regulations of both countries. Processing the anonymized data in the US can also help to reduce the costs and risks of transferring the data across borders. Aggregating the data into one database in the US, processing it in the US but storing it in France, or sharing it with a third party could all pose potential privacy and security risks, as well as legal and ethical issues, for the organization and the test subjects. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 67; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 1: Security and Risk Management, page 62.