[author: Tim Banks]
The UK Information Commissioner’s Office (ICO) has released a draft Code of Practice on Data Anonymisation. The UK ICO will be conducting a consultation on the draft Code until August 23, 2012.
The UK ICO states that the Data Protection Act (UK) should not be a barrier to prevent the anonymization of personal data. Moreover, once data is anonymized, the UK ICO states that the data can be disclosed to others without being subject to the Data Protection Act. This remains true, even if the disclosing organization retains the ability to re-identify the data.
The UK ICO’s interpretation of the Data Protection Act is that data that has been properly anonymized can be deployed for new uses without the consent of the individual from whom the data was initially collected. The exemption from the need to obtain consent is subject to a number of provisos:
the anonymization must be effective (the UK ICO recommends a privacy impact assessment);
the purpose for which the anonymization takes place is legitimate (and any ethical approvals have been obtained);
there are no detrimental effects on particular individuals;
there is a system for collecting individuals’ objections (even though consent is not required).
In assessing the effectiveness of anonymization, the UK ICO states that organizations must consider whether a motivated intruder could re-identify the individual using the data set. An organization must consider whether information that has purportedly been anonymized could be combined with other information to identify an individual. If so, then this would be a disclosure of personal information. The UK ICO suggests that organizations disclosing anonymized data will want to assess the disclosure risk “in the round”. In other words, all organizations disclosing part of the data set should consider whether another organization (or, the public) could identify the information from the information being disclosed.
Importantly, the UK ICO distinguishes identification from an educated guess. In order for there to be a re-identification issue creating a risk of disclosure, the data set must be capable of being used for more than establishing a probability that an individual has the characteristics attributed by the data set.
One of the most helpful aspects of the draft Code of Practice are the thoughtful examples of anonymization techniques that will help organizations understand the privacy principles in action.