My attention has been drawn recently to the futuristic-sounding process of Anonymisation. Disappointingly, it is not some form of science fiction memory eradication technique, but one of the most important activities that organisations should be undertaking to comply with the Data Protection Act. Indeed, one of our clients, a large insurer, has started to realise that they are going to need to anonymise the information they keep for long-term trend analysis and review so I decided to refresh my memory on the advice contained on the Information Commissioner’s Office (ICO) website. Firstly, I thought I would find out how the ICO defines anonymisation and the answer is:
“Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information. The Data Protection Act controls how organisations use ‘personal data’ – that is, information which allows individuals to be identified.”
There is an Anonymisation Code of Practice and a really nice summary available on the site too. The key points are:
- There is an acknowledgement that we some organisations need to retain rich data sources but also that there is a need to protect individuals’ identity
- All staff need a sound understanding of what personal data is (definition again on the ICO site)
- Organisations should have a governance structure in place for anonymisation
- It is important to conduct a thorough risk analysis of what would happen should it become possible to piece together your anonymous information to farm and re-use the personal data – this process is called re-identification
- The code highlights several techniques available to allow you anonymise what it calls qualitative data (as in not statistical data) including redacting individuals’ names from documents, blurring video footage to disguise faces, electronically disguising or re-recording audio material or changing details in a report (precise place names, precise dates)
The code cites some useful case law relating to the disclosure of anonymised abortion statistics (they can be released if the underlying data is converted into statistics).
Perhaps most importantly the key benefit of carrying out anonymisation is to “minimise the risk of breaking the law and consequent enforcement action by the ICO and other regulators”.
There, we can’t say we haven’t been warned.