18
A GUIDE TO BASIC ANONYMISATION
Applicable to:
STEP 1
KNOW YOUR DATA
Internal data sharing (de-identified data)
Internal data sharing (anonymised data) or External data sharing
Long-term data retention
Synthetic data
A personal data record is made up of data attributes that have varying degrees of identifiability and sensitivity to an individual. Anonymisation typically involves removal of direct identifiers and modification of indirect identifiers. Target attributes are usually left unchanged, except where the purpose is to create synthetic data. The table and examples below illustrate how a data attribute is typically classified within a data record. Direct identifiers
Indirect identifiers
Target attributes
Classification of data attributes in a dataset
These are data attributes that are unique to an individual and can be used as key data attributes to re-identify an individual.
These are data attributes that are not unique to an individual but may re-identify an individual when combined with other information (e.g. a combination of age, gender and postal code).
These are data attributes that contain the main utility of the dataset. In the context of assessing adequacy of anonymisation, this data attribute may be sensitive in nature, and may result in a high potential for adverse effect to an individual when disclosed.
Accessibility of data
These data attributes are usually public or easily accessible.
These data attributes may be public or easily accessible.
These data attributes are usually not public or easily accessible. They cannot be used for re-identification as they are typically proprietary.
