How do we ensure anonymisation is effective?
The ICO is calling for views on its updated draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies. We are sharing our thinking in stages to ensure we gather as much feedback as possible to help refine and improve the final guidance, on which we will carry out a formal consultation.
In our first chapter ‘Introduction to Anonymisation’ we outlined the legal, policy and governance issues around the application of anonymisation in the context of data protection law. We are grateful for the feedback we have received from many organisations across different sectors.
Our second chapter ‘Identifiability’ focuses on how to assess anonymisation in the context of identifiability. We explore the concept of a spectrum of identifiability, data sharing scenarios, the motivated intruder and reasonably likely tests as well as guidance on managing re-identification risk. These key principles set out our views on effective anonymisation and we welcome your feedback.
We will continue to publish draft chapters for comment at regular intervals. As outlined in Building on the data sharing code – our plans for anonymisation guidance, chapters to follow include:
- Guidance on pseudonymisation techniques and best practices;
- Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
- Anonymisation and research - how anonymisation and pseudonymisation apply in the context of research;
- Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
- Technological solutions – exploring possible options and best practices for implementation; and
- Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.
Input at this early stage can make a significant difference as we will use the responses we receive to inform our work in developing the guidance.
This call for views is the first stage in the process and we will consult on the full draft guidance in the autumn. You can provide your feedback by emailing firstname.lastname@example.org.
When submitting your views, please specify to which chapter you are referring.