The Information Commissioner’s Office (ICO) is calling for views to help develop its anonymisation, pseudonymisation, and privacy enhancing technologies guidance.

The first draft chapter for the guidance is the introduction to anonymisation, which explores the legal, policy and governance issues around the application of anonymisation and pseudonymisation in the context of data protection law.

The government body will explore when personal data can be considered anonymised, if it is possible to anonymise data adequately to reduce risks, and what the benefits of anonymisation and pseudonymisation might be.

The ICO said that it would continue to publish draft chapters for comment at regular intervals, throughout the summer and autumn.

As outlined in Building on the data sharing code – our plans for anonymisation guidance, chapters to follow include:

• Identifiability – outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the ‘reasonably likely’ and ‘motivated intruder’ tests;
• Guidance on pseudonymisation techniques and best practices;
• Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
• Anonymisation and research - how anonymisation and pseudonymisation apply in the context of research;
• Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
• Technological solutions – exploring possible options and best practices for implementation; and
• Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.

Share Story: