De-Identification: Basic Concepts and Techniques

Jun 08 2016

As the demand for government-held data increases, institutions require effective processes and techniques for removing personal information. An important tool in this regard is de-identification. “De-identification” is the general term for the process of removing personal information from a record or data set.

De-identification protects the privacy of individuals because once de-identified, a data set is considered to no longer contain personal information. If a data set does not contain personal information, its use or disclosure cannot violate the privacy of individuals. Accordingly, the privacy protection provisions of the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) would not apply to de-identified information.

Today, we have published guidelines, De-identification Guidelines for Structured Data, which introduce the basic concepts and techniques of de-identification. The document outlines the key issues to consider when de-identifying personal information in the form of structured data and it provides a step-by-step process that institutions can follow when removing personal information from data sets.