ICO published the next chapter of the Anonymisation guidance draft : Anonymisation, pseudonymisation and privacy enhancing technologies guidance
How to ensure anonymisation is effective?
The ICO is calling for views on its updated draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies. ICO are sharing their thinking in stages to ensure they gather as much feedback as possible to help refine and improve the final guidance, which will carry out a formal consultation.
In the first chapter ‘Introduction to Anonymisation’ it is outlined the legal, policy and governance issues around the application of anonymisation in the context of data protection law. .
The second chapter ‘Identifiability’ focuses on how to assess anonymisation in the context of identifiability. ICO explores the concept of a spectrum of identifiability, data sharing scenarios, the motivated intruder and reasonably likely tests as well as guidance on managing re-identification risk. These key principles set out views on effective anonymisation.
ICO will continue to publish draft chapters for comment at regular intervals. As outlined the next chapters to follow will include:
- Guidance on pseudonymisation techniques and best practices;
- Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
- Anonymisation and research – how anonymisation and pseudonymisation apply in the context of research;
- Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
- Technological solutions – exploring possible options and best practices for implementation; and
- Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.
Contact Us
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.
Recent blogs
Appointment of a DPO in Singapore: What You Need to Know Before 30th September
If your business handles personal data in Singapore, it’s important to be aware of a key deadline
Enterprise Data Protection: Securing Large-Scale Information Assets
Cyber threats and regulatory pressures have made it necessary for businesses around the world to sa
Continuous Data Protection: Ensuring Real-Time Information Security
Continuous data protection (CDP) has emerged as a crucial strategy in safeguarding data assets agai