De-identification and Anonymisation Flashcards
(17 cards)
What does GDPR say about anonymisation?
“Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”
- Not kept longer than necessary
- Follow (local) retention guidelines and NHS COP
- Review data you hold
- Dispose of information correctly
What is anonymisation?
The process of de-identifying data so that the data subject cannot be identified
De-identification performed so that it is impossible to link a dataset back to an individual
What laws does personal data come under?
GDPR, DPA and Common Law Duty of Confidentiality
What is de-identification?
Identity of an individual removed from a dataset (e.g. removing or replacing a patient’s name)
What is functional anonymisation?
De-identification performed such that the risk of re-identification is deemed acceptable
What is pseudonymisation?
Dataset de-identified with a link maintained (deliberately or otherwise) back to the individual
What is the risk assessment process?
Critically consider task, data situation, risk appetite and sensitivity -> risk assess -> acceptable? -> mitigate -> perform task -> verify original requirements are met
Record at all steps of the process
What is reversible pseudonymisation?
Linking a patient ID to a meaningless number and keeping a record of which ID means what - reversible by using the mapping table
What is irreversible pseudonymisation?
Use ‘one-way hashing’ - the original ID is always converted to the same new ID, but the new ID cannot be used to get back to the original
What is reversible pseudonymisation?
Reversible encryption - original ID is recoverable by decrypting the new ID
What is data reduction?
Data processed (usually at source) to extract only what is required for subsequent study
What is an example of when anonymisation may be used?
Hospital publishing statistical health research data
What does GDPR say about anonymised data?
Anonymised data is not personal data and so it is not covered
What is an example of when pseudonymisation may be used?
In a clinical trial, names and IDs are replaced with a study ID, meaning researchers won’t see names but it is possible to link the study ID back to the patient
What challenges are associated with anonymisation?
Risks of re-identification, balancing utility with anonymisation
What does GDPR say about pseudonymised data?
It is still considered personal data
What are challenges associated with pseudonymised data?
Still personal data if the re-identification key exists; security issue if the key is not kept secure