Anonymisation

Contents

• About this guidance

  • Why have you produced this guidance? 
  • What is this guidance about?
  • Who is this guidance for?
  • How is this guidance structured?

• Introduction to anonymisation

  • What is personal data?
  • What is anonymous information?
  • What is anonymisation?
  • Is anonymisation always necessary?
  • Is anonymisation always possible?
  • What are the benefits of anonymisation?
  • If we anonymise personal data, does this count as processing?
  • What is the difference between anonymisation and pseudonymisation?
  • What about ‘de-identified’ personal data?

• How do we ensure anonymisation is effective?

  • What should our anonymisation process achieve?
  • What is identifiability?
  • What are the key indicators of identifiability?
  • What is the “spectrum of identifiability”?
  • What does data protection law say about assessing identifiability risk?
  • How should we approach this assessment?
  • What factors should we include?
  • Do we need to consider who else may be able to identify people from the data?
  • Can we anonymise within our organisation?
  • What is the “motivated intruder” test?
  • How do we apply the motivated intruder test?
  • When should we review our identifiability risk assessments?
  • How do we decide when and how to release data?
  • What approaches can we take to anonymisation?

• Psedonymisation

  • What is pseudonymisation?
  • Is pseudonymised data still personal data?
  • What are the benefits of pseudonymisation?
  • How can pseudonymisation help us to reduce risk?
  • Can pseudonymisation help us process data for other purposes?
  • Are there any offences relating to pseudonymisation?
  • How should we approach pseudonymisation?
  • What pseudonymisation techniques should we use?
  • How should we assess the risk of attackers reversing pseudonymisation?
  • What organisational measures should we consider for pseudonymisation?

• What accountability and governance measures do we need?

  • What governance approach should we take?
  • Who should be responsible for our anonymisation process?
  • Why do we want to anonymise personal data?
  • How should we work with other organisations?
  • What type of disclosure is it?
  • How should we identify potentially difficult cases?
  • How should we ensure transparency?
  • How should we ensure appropriate staff training?
  • How should we mitigate identification risk due to a security incident?
  • What other legal considerations apply? 

• Case studies

  • pseudonymising employee data for recruitment analytics
  • trusted third parties for market insights

• Glossary