Winchester Vacancies

ICO publishes data protection code of practice on anonymisation

The Information Commissioner’s Office (ICO) has published its code of practice on managing the risks related to anonymisation.

According to the watchdog, the code “explains how to protect the privacy rights of individuals while providing rich sources of data”.

The ICO said the guidance, which can be viewed here, would help practitioners assess the risks of anonymisation related to data protection and identification of individuals.

Subjects covered include:

  • how personal data can be anonymised for medical research purposes;
  • how individuals’ information can be anonymised when responding to Freedom of Information requests; and
  • how customers’ data can be anonymised to help market researchers analyse people’s purchasing habits.

A consortium led by the University of Manchester will meanwhile run the new UK Anonymisation Network, the ICO said.

This network, which is to receive £15,000 in funding from the ICO, will promote the sharing of good practice on anonymisation across both the public and private sectors. It will develop a website, publish case studies and hold clinics and seminars.

The Information Commissioner, Christopher Graham, said: “We have published our code of practice on managing the data protection risks related to anonymisation to provide a framework for practitioners to use when considering whether to produce anonymised information. The code also aims to bring a greater consistency of approach and to show what we expect of organisations using this data.

“Failure to anonymise personal data correctly can result in enforcement action from the ICO. However we recognise that anonymised data can have important benefits, increasing the transparency of government and aiding the UK’s widely regarded research community.”

Graham added: “We hope today’s guidance helps practitioners to protect privacy and enable the use of data in exciting and innovative ways.”

Earlier this week, the ICO’s head of policy Steve Wood said the watchdog backed the use of anonymisation techniques when putting data into the public domain.

However, he also warned that the regulator would take “swift enforcement action” against those who negligently or complacently place individuals’ privacy at risk through poor standards.