ICO published the next chapter of the Anonymisation guidance draft : Anonymisation, pseudonymisation and privacy enhancing technologies guidance

How to ensure anonymisation is effective?

The ICO is calling for views on its updated draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies. ICO are sharing their thinking in stages to ensure they gather as much feedback as possible to help refine and improve the final guidance, which will carry out a formal consultation.

In the first chapter ‘Introduction to Anonymisation’ it is outlined the legal, policy and governance issues around the application of anonymisation in the context of data protection law. .

The second chapter ‘Identifiability’ focuses on how to assess anonymisation in the context of identifiability. ICO explores the concept of a spectrum of identifiability, data sharing scenarios, the motivated intruder and reasonably likely tests as well as guidance on managing re-identification risk. These key principles set out views on effective anonymisation.

ICO will continue to publish draft chapters for comment at regular intervals. As outlined the next chapters to follow will include:

• Guidance on pseudonymisation techniques and best practices;
• Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
• Anonymisation and research – how anonymisation and pseudonymisation apply in the context of research;
• Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
• Technological solutions – exploring possible options and best practices for implementation; and
• Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.