Introduction to anonymisation

Draft anonymisation, pseudonymisation and privacy enhancing technologies guidance

May 2021

Contents

About this guidance

  Why have you produced this guidance?
  What is this guidance about?
  Who is this guidance for?
  How is this guidance structured?

Introduction to anonymisation

  What is personal data?
  What is anonymous information?
  What is anonymisation?
  Is anonymisation always necessary?
  Is anonymisation always possible?
  What are the benefits of anonymisation?
  If we anonymise personal data, does this count as processing?
  What is pseudonymisation?
  What about 'de-identified' personal data?
  What is the difference between anonymisation and pseudonymisation?
  What are the benefits of pseudonymisation?

About this guidance

At a glance

• Anonymisation is a privacy-friendly way to harness the potential of data, including when developing new and innovative products and services.

• Effective anonymisation of personal data is possible in many circumstances. It depends on the techniques you use. You need to reduce the risks of identifying individuals to a sufficiently remote level so that the information is effectively anonymised.

• This guidance will help all organisations that seek to anonymise personal data, for whatever purpose.

• It will help you identify the issues you need to consider to use anonymisation techniques effectively.

In detail

• Why have you produced this guidance?

• What is this guidance about?

• Who is this guidance for?

• How is this guidance structured?

Why have you produced this guidance?

Data is the lifeblood of the digital economy, and data sharing is key to opening up new opportunities.

We understand the benefits that data sharing can bring to organisations, individuals and society as a whole, but there are risks too. However, effective anonymisation techniques provide a privacy-friendly alternative to sharing personal data.

This guidance sits alongside our data sharing code of practice, which gives practical guidance on how to share personal data in line with data protection law. Anonymisation offers an alternative way to use or share data by making sure that individuals are not identifiable.

You need to have a reasonable degree of confidence that disclosing or sharing apparently anonymous information will not lead to an inappropriate disclosure of personal data, eg through 're-identification'.

Determining the status of information in different circumstances is therefore a key challenge. For example, you may hold information that is clearly personal data, but its status when processed by another organisation or by the world at large may be unclear.

Anonymisation safeguards individuals' privacy and is a practical example of the data protection by design approach that the law requires.

Effective anonymisation of personal data is possible, desirable and can help society to make rich data resources available whilst protecting individuals' privacy.

Further reading outside this guidance

Visit our data sharing information hub for more information about the data sharing code.

What is this guidance about?

This guidance:

• explains what we mean by anonymisation and pseudonymisation;

• details how this affects your data protection obligations and responsibilities;

• discusses what you should consider when anonymising personal data;

• provides good practice advice for when you seek to anonymise this data; and

• discusses technical and organisational measures to mitigate the risks to individuals when you do so.

This guidance deals with the role that anonymisation plays in the context of data protection law:

• the Data Protection Act 2018; and

• the three data protection regimes:

  o general processing under Part 2 of the DPA 2018 and the UK GDPR;
  o law enforcement processing under Part 3; and
  o intelligence services processing under Part 4.

Where relevant, the guidance highlights and explains any differences between the regimes.

This guidance does not generally consider the impacts of anonymisation on areas of ICO competence outside data protection. However, some sections are relevant under other laws such as the Freedom of Information Act 2000 (FOIA).

This guidance is not a statutory code. It contains advice on how to interpret relevant law in the context of anonymous information, and recommendations on good practice. There is no penalty if you fail to adopt good practice recommendations, as long as you find another way to comply with the law.

This guidance does not describe every possible anonymisation technique in detail, but includes case studies and good practice recommendations.

Who is this guidance for?

You should use this guidance if you are considering turning personal data into anonymous information. For example, this guidance is relevant if you:

• are required by law to publish anonymous information, eg some health service bodies;

• are looking to use data in new and innovative ways, eg to improve services or design new products or collect large volumes of data to train AI models;

• need to deal with a request for information under FOIA, and it includes personal data;

• want to become more transparent and accountable to the public; or

• want to provide anonymous information for research purposes, or to enable wider societal benefits.

This guidance describes ways you can assess and mitigate the risks that may arise, particularly in terms of how to assess whether other data is available that may make re-identification likely. It also helps you to assess other risks (eg those involved with producing and publishing anonymous information). These may include:

• information about an individual's private life ending up in the public domain;

• a supposedly anonymous dataset being 'cracked' so personal data about individuals is compromised;

• re-identification causing harms to individuals, such as a loss of control of their personal data causing harms such as damage, embarrassment, anxiety or financial loss;

• reduced trust and confidence if you disclose information unsafely; and

• legal problems where insufficiently redacted qualitative data is disclosed, eg under FOIA.

Anonymisation can help you to mitigate these risks and share information fairly and proportionately. This guidance will help you develop your understanding of anonymisation techniques, their strengths and weaknesses, and the suitability of their use in particular situations.
