The Information Commissioner's Office has published a draft Anonymisation Code of Practice for consultation. The consultation period runs until 23 August 2012 and the aim is to publish the final Code
The Information Commissioner's Office has published a draft Anonymisation Code of Practice for consultation. The consultation period runs until 23 August 2012 and the aim is to publish the final Code in September 2012. The Consultation document sets out the questions that organisations and members of the public are invited to respond to.
The Code contains the ICO's good practice recommendations about achieving effective anonymisation and is relevant for organisations considering obligations under both data protection law and freedom of information laws. The Code explains the benefits of anonymisation, the type of issues to consider when anonymising personal data effectively as well as whether consent to produce or disclose anonymised data is required (generally it's not). It also examines mechanisms that organisations can use to demonstrate effective anonymisation i.e. the motivated intruder and motivated defender tests.
There is a specific section on spatial information which is drawn from the ICO's previous guidance on crime mapping and the Code also sets out what the ICO expects an organisation to have in place to demonstrate effective governance when deploying anonymisation e.g. Privacy Impact Assessments, procedures for dealing with cases where anonymisation is difficult to achieve. In particular, the Code underlines the importance of re-identification testing so that an organisation should frequently assess the likelihood of anonymised data being linked to individuals.
Practical examples of anonymisation techniques including variations of data reduction and data perturbation methods (some of which are easier to follow than others) are set out in Appendix 1 and specific techniques (de-identification, pseudonymisation, aggregation, derived data items and banding) identified in Appendix 3.
It is clear that the ICO wants to encourage organisations to anonymise personal data where appropriate and, through the Code, to remove some of the nervousness around anonymisation. However, an organisation that adopts anonymisation will need to consider implementing a proper process both before anonymisation and throughout the life of the anonymised data (in proportion to the risks involved) to demonstrate that an appropriate anonymisation technique is adopted and that the risk of re-identification is kept under scrutiny. On the latter point, the Code concedes that the risk of re-identification through data-linkage is essentially unpredictable and therefore urges organisations to carry out a thorough risk analysis before anonymising personal data in the first place.
The Code contains the ICO's good practice recommendations about achieving effective anonymisation and is relevant for organisations considering obligations under both data protection law and freedom of information laws. The Code explains the benefits of anonymisation, the type of issues to consider when anonymising personal data effectively as well as whether consent to produce or disclose anonymised data is required (generally it's not). It also examines mechanisms that organisations can use to demonstrate effective anonymisation i.e. the motivated intruder and motivated defender tests.
There is a specific section on spatial information which is drawn from the ICO's previous guidance on crime mapping and the Code also sets out what the ICO expects an organisation to have in place to demonstrate effective governance when deploying anonymisation e.g. Privacy Impact Assessments, procedures for dealing with cases where anonymisation is difficult to achieve. In particular, the Code underlines the importance of re-identification testing so that an organisation should frequently assess the likelihood of anonymised data being linked to individuals.
Practical examples of anonymisation techniques including variations of data reduction and data perturbation methods (some of which are easier to follow than others) are set out in Appendix 1 and specific techniques (de-identification, pseudonymisation, aggregation, derived data items and banding) identified in Appendix 3.
It is clear that the ICO wants to encourage organisations to anonymise personal data where appropriate and, through the Code, to remove some of the nervousness around anonymisation. However, an organisation that adopts anonymisation will need to consider implementing a proper process both before anonymisation and throughout the life of the anonymised data (in proportion to the risks involved) to demonstrate that an appropriate anonymisation technique is adopted and that the risk of re-identification is kept under scrutiny. On the latter point, the Code concedes that the risk of re-identification through data-linkage is essentially unpredictable and therefore urges organisations to carry out a thorough risk analysis before anonymising personal data in the first place.