Anonymising Data: A New Code Of Practice

The Information Commissioner’s Office (ICO) has published a new guide for businesses to ensure that individuals’ privacy is protected when their personal data is being transferred and analysed.

It stated such advice is necessary as the UK is generating more and more data, much of which is being put into the public domain for informational purposes. For example, the government’s open data agenda is aiming to hold public bodies to account by publicising their performance. Therefore, it is essential any details released are anonymised so it is impossible to trace back to a person.

Information commissioner Christopher Graham said the release of the new guidance, entitled the ‘data protection code of practice on managing the risks related to anonymisation’, will bring greater consistency to the area, as well as highlighting what is expected of companies dealing with potentially sensitive information.

He said while failure to adequately protect data can lead to the ICO taking action against an organisation, the body recognises there are many potential benefits from greater sharing and publication of information, such as boosting the transparency of the government and aiding the UK’s research community. Therefore, the processes involved in this need to be clear and easily understood.

Mr Graham said: “We hope today’s guidance helps practitioners to protect privacy and enable the use of data in exciting and innovative ways.” The code of practice contains a framework that will enable bodies to correctly assess the potential risks involved with anonymisation and how this relates to data protection laws.

It also features suggestions for how to successfully achieve anonymisation, with examples such as responding to Freedom of Information requests, how to use data for medical research purposes and how the retail sector can analyse individuals’ purchasing habits.

In a recent blog post, the ICO’s head of policy Steve Wood observed that the new code of practice is only a part of the solution to ensuring privacy is protected when using the vast amounts of data gathered in today’s environment. He added the newly-announced Anonymisation Network will also have a key role to play in sharing knowledge about how best to tackle the issue.

As part of its drive to improve privacy and data protection measures related to this, the ICO confirmed that it is to offer funding to this consortium, which will manage the sharing of good practice information in this area.

This will be led by the University of Manchester and include contributions from the University of Southampton, the Office for National statistics and the government’s new Open Data Institute. It will include a website, case studies, seminars and clinics for organisations looking to find out more about how to protect their data. The ICO will award £15,000 worth of funding for the network over the next two years.

Mr Wood added the use of anonymised data will have a key role to play in the ways businesses and public bodies in the UK share information about citizens. He added: “It is vitally important that a consistency of approach is developed, based on high standards that recognise individuals’ rights to privacy as well as the benefits that anonymised data presents for the population at large.”

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Dominic Monkhouse is the UK MD of managed hosting provider PEER 1. He has spent 14 years working in sales, marketing and business management within the IT sector. Prior to PEER 1, he held senior positions with Rackspace and IT support company IT Lab. Dominic is regularly interviewed by and quoted in business and technology publications including the Financial Times, Data Centre Dynamics, and Computer Business Review. Dominic has a BSc in Agricultural and Food Marketing from Newcastle and a MBA from Sheffield Business School.