The Information Commissioner’s Office (ICO) has begun a public consultation on a new anonymisationcode of practice.
The code will provide guidance on how information can be successfully anonymised and how to assess the risks of identification. The ICO has also launched a tendering process to establish a network of experts to share best practice around the release of data in an anonymised form.
Anonymisation techniques can convert personal data into a form so that individuals are no longer identifiable. The consultation will be relevant to any organisation that wants to release anonymised data, for example under the government’s open data agenda.
Christopher Graham, Information Commissioner said:
“The UK is putting more and more valuable data into the public domain. The open data agenda will see this process continue and I welcome the power this information gives the average UK citizen to understand how the public sector operates and hold organisations to account.
“However, while the public wants to see openness, they want to see their privacy rights respected too. The risks of anonymisation can sometimes be underestimated and in other cases overstated; organisations need to be aware of what those risks are and take a structured approach to assessing them, particularly in light of other personal information in the public domain.
“Anonymisation can allow organisations to publish or share useful information derived from personal data, whilst protecting the privacy rights of individuals. Our code will aim to provide clear, practical advice on how data can be anonymised. We are now inviting individuals and organisations to submit their views on how this can best be achieved.”
The consultation will play an important role in making sure that the new code achieves the right balance between the protection of individuals’ privacy and the benefits of making information publicly available.
The consultation will remain open for the next 12 weeks, before closing on 23 August 2012. A copy of the draft code and consultation document is available in the consultation section of the ICO website.
A final version of the ‘Anonymisation Code of Practice’ – incorporating any changes recurring from comments received – is due for publication in September.
The code of practice will allow organisations to better achieve compliance against the proposed European Data Protection Act. Read my post Proposed European wide Data Protection Act – a review for further information.
Another alternative to anonymisation is Tokenization which is a recognised solution for PCI DSS. For details of a Free copy of the Tokenization for Dummies eBook click here.