anonymization → de-identification #108
Conversation
|
@yarikoptic this merging should not happen -- de-identification is the term used by the US Health Insurance Portability and Accountability Act (HIPPA) and as such you can retain patients ID which akin to pseudonymization (to make it clear US-deidentified data as defined in HIPPA remains personal under GDPR) by contrast anomymization as a clear-cut data status |
The meaning of "anomymization" differs widely between the US and the EU. I'm not sure what you mean by "clear-cut data status". I do understand "de-identification" has a specific meaning under HIPAA,, but so does "anonymization" under GDPR. I do not view the fact that de-identified data under HIPAA data remains personal data under GDPR as a problem. It's almost impossible to anonymize data under GDPR, almost any interesting data will remain personal (pseudnymized instead of anonymized) under GDPR. The idea here is precisely to pseudonymize data, not to "anonymize" data, therefore "de-identification" is the proper term. |
|
then psedonymized is the proper term, de-identified is HIPAA specific |
|
To make things clear:
|
|
I agree with all the above :-) except 'Hence I recommend you use the term "de-identification", as in "pseudonymization", because the term "anonymization" (as in the GDPR) is misused here.' why? to be american centric? |
|
I find "pseudonymization" too specific. The idea is to use a term that covers attempts to de-identify data, ranging from simple peudonymization to anonymization. The only term that comes to mind is "de-identification". I acknowledge the term has been hijacked by HIPAA to mean something specific, but that's certainbly less specific than "anonymization" under GDPR. I cannot find an alternative term to de-identification in its broad (not HIPAA) sense. |
|
ok but then we must define first de-identification to make sure people understand what you mean (I would actually copy/paste the points you made above since they are correct) |
|
I totally agree. We need a glossary with some basic terms:
|
|
what about
Unless specifically mentioned, we used here de-identification in the generic sense, meaning removing obvious features leading to identification (names, addresses, maybe facial information from MRI). |
|
Yes, looks good. Is ISO 29100:2011 equivalent to the G29 opinion on anonymization techniques? I haven't read ISO 29100:2011 as I cannot find the PDF on the web site of the ISO/IEC Information Technology Task Force. By the way, do you have a link to this decision: the EU court of justice indicated that the possibility of identification is enough to consider data as personal? |
|
sure - case from IP address - https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2933781 |
|
On the other hand, Wikipedia defines "pseudonymization" as a "de-identification" procedure, hence as a subset of it:
Perhaps we should use "de-identification" in the broad sense, as defined by Wikipedia:
|
|
sure we can use that definition, I would still add that it's a concept from the US Health Insurance Portability and Accountability Act (HIPPA) which does not involve irreversibility as anonymization does |
|
don't have the ISO thing either |
|
I'll add the glossary. |
DimitriPapadopoulos
force-pushed
the
anonymization
branch
from
57e5893
to
55b43a3
Compare
|
@CPernet Can you have a look at the updated merge request? I have added the glossary. Fell free to modify. |
DimitriPapadopoulos
force-pushed
the
anonymization
branch
from
55b43a3
to
dd57233
Compare
|
Here are the ISO documents:
|
DimitriPapadopoulos
force-pushed
the
anonymization
branch
from
dd57233
to
c6e7dfe
Compare
|
where is the glossary? couldn't not see it -- we need to define up front what we mean in the doc by de-identification and refer to the glossary |
DimitriPapadopoulos
force-pushed
the
anonymization
branch
from
66a2985
to
6f4440b
Compare
Fixes #106.