1 minute read
INTRODUCTION
INTRODUCTION
This guide is meant to provide an introduction and practical guidance to organisations that are new to anonymisation on how to appropriately perform basic anonymisation and de-identification of structured1, textual2, non-complex datasets3. It presents the anonymisation workflow in the context of four common use cases.
Advertisement
This guide is not exhaustive in dealing with all the issues relating to anonymisation, de-identification and re-identification of datasets. Organisations are advised to consider hiring anonymisation experts, statisticians or independent risk assessors to perform the appropriate anonymisation techniques or assessment of re-identification risks, where anonymisation issues are complex (e.g. large datasets containing a wide range of longitudinal or sensitive personal data). Implementation of the recommendations in this guide does not imply compliance with the Personal Data Protection Act (PDPA). Different jurisdictions view anonymisation differently and hence, the recommendations provided in this guide may not apply to data protection laws in other countries.
This guide should be read together with the Personal Data Protection Commission’s (PDPC) Advisory Guidelines on the Personal Data Protection Act for Selected Topics.
1. “Structured” refers to data in a defined and tabular format, such as a spreadsheet or relational database (e.g. XLSX and CSV). 2. “Textual” refers to text, numbers, dates, etc., that is, alphanumeric data already in digital form. Anonymisation techniques for non-textual data like audio, video, images, biometric data, etc., create additional challenges and require different anonymisation techniques, which are outside the scope of this guide. 3. The approach recommended in this guide applies only to treatment of structured data (i.e. textual data in a tabular form in columns and rows, such as Microsoft Excel spreadsheets). Digital photographs, for example, do not fall under this category of data.
