1 minute read
ANONYMISATION VERSUS DE-IDENTIFICATION
ANONYMISATION VERSUS DE-IDENTIFICATION
Anonymisation refers to the conversion of personal data into data that cannot be used to identify any individual. PDPC views anonymisation as a risk-based process, which includes applying both anonymisation techniques and safeguards to prevent re-identification. De-identification4 refers to the removal of identifiers (e.g. name, address, National Registration Identity Card (NRIC) number) that directly identify an individual. De-identification is sometimes mistakenly equated to anonymisation, however it is only the first step of anonymisation. A de-identified dataset may easily be re-identified when combined with data that is publicly or easily accessible. Re-identification refers to the identification of individuals from a dataset that was previously de-identified or anonymised. Anonymised data is not considered personal data and thus, is not governed by the PDPA. For more information, please refer to the topic on anonymisation in the PDPC’s Advisory Guidelines on the Personal Data Protection for Selected Topics.
Advertisement
AN EXAMPLE OF DE-IDENTIFICATION
Albert uses food ordering apps frequently. His favourite food ordering app — SuperHungry — decides to publish some information about its users for a hackathon.
