Deidentification and Anonymisation Flashcards
How long can data be kept in an identifiable form according to GDPR?
For no longer than is necessary for the purposes for which the personal data is processed.
Define anonymisation
The process of de-identifying data so that the data subject cannot be identified.
Define de-identification
When the identity of an individual is removed from a dataset (e.g. removing or replacing a patient’s name).
Define functional anonymisation
De-identification performed such that the risk of re-identification is deemed acceptable.
Define pseudonymisation
When a dataset is de-identified with a link maintained (deliberately or otherwise) back to the individual.
What is a data situation?
The specific circumstances surrounding the use, availability, and quality of data within an organisation or context.
What are the 3 main questions asked during a data situation audit?
1) What in the data situation are you or your organisation responsible for (alone or jointly)?
2) Within that locus of responsibility, is there a non-negligible disclosure risk that needs to be addressed?
3) How sensitive is your data situation?
Describe the risk assessment process
Give an example of where medical records are de-identified (but not fully anonymised)
The Cancer Imaging Archive
Is consent required to use anonymised images?
No, provided there is no likelihood of anonymisation causing unwarranted damage or distress (as will be the case if it is done effectively).
What is de-identification to the point of publication?
Patient data that does not contain direct or indirect identifiers and has no reasonable prospect of the patient being identifiable.
Give 2 examples of direct identifiers
Patient name
Address
Give 2 examples of indirect identifiers
Hospital number
Hospital name
What information can be shared when data is de-identified for limited access?
- Study ID
- Hospital name
Functional anonymisation is _______ and ________.
Permanent
Irreversible
What are the two types of pseudonymised data?
Reversible (using a mapping table or reversible encryption) and irreversible (one-way ‘hashing’)
What is data reduction?
When data is processed to extract only what is required for a subsequent study. This is done via a cryptographic hash.
Who produces and manages the code of practice for anonymisation and managing related data protection risks?
ICO: the Information Commissioner's Office
Organisations anonymising personal data need an effective and comprehensive __________ structure overseen by ______ staff.
Governance
Senior
When are the anonymisation governance procedures of an organisation assessed? By who?
The ICO asks about governance procedures if there is a complaint or an audit is carried out.