One month to give the ICO your views on anonymisation
The ICO is currently consulting on its draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies. The consultation, which closes on 16 September, seeks input for the first four chapters with the aim of consulting on the full guidance later on.
The chapters currently under consultation are ‘Introduction to Anonymisation’, ‘Identifiability’, ‘Pseudonymisation’ and ‘Accountability and Governance’.
On assessing identifiability risk, the ICO says that sometimes, different additional information or techniques may be available to different parties, meaning that that the status of the information may change. What is personal information for one organisation may not be that for another organisation if they have no access to the additional information that makes the information identifiable.
“Data protection law does not require you to adopt an approach that takes account of every absolute or purely hypothetical or theoretical chance of identifiability. It is not always possible to reduce identifiability risk to a level of zero, and data protection law does not require you to do so. The key is what is ‘reasonably likely’ relative to the circumstances, not what may be ‘conceivably likely’ in absolute,” the ICO says.
The chapters to follow include:
- Anonymisation and research - how anonymisation and pseudonymisation apply in the context of research;
- Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
- Technological solutions – exploring possible options and best practices for implementation; and
- Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, the case studies will demonstrate best practice.
See: ICO call for views: Anonymisation, pseudonymisation and privacy enhancing technologies guidance