The publication of the book The Anonymisation Decision-making Framework1 in July 2016 marked the culmination of a three-year cross-sector collaboration in the UK, and the beginning of new international collaborations to bring the work underpinning the book further afield. The topic, anonymisation, has not been well understood - as well publicised data breaches2,3 attest - and yet it is of critical importance in this age of data; not just in a legal sense – what information is known about you and by whom has ethical, social, economic and political implications. The good news is that it is not a matter of data sharing versus privacy – you can have both if anonymisation is done well.
Anonymisation is an ongoing area of research – but although complex it is not an intractable problem. In 2012, the UK Information Commissioner’s Office (ICO) published its Code of Practice on anonymisation4 and in the same year provided the initial funding for the establishment of the UK Anonymisation Network (UKAN). UKAN provides information and advice to anyone handling personal data that needs to share it and as part of this work was tasked with developing guidance that could fill the gap between that which is given in a code of practice and that which is needed when grappling with the practical reality of doing anonymisation.
The initial funding supported a series of workshops attended by UKAN’s core network5 of thirty representatives drawn from academia, government, health, commercial and voluntary sectors. Under consideration were two core questions:
In a natural extension of the highly participatory writing process, the UK authors have this year collaborated with CSIRO (the Commonwealth Scientific and Industrial Research Organisation) and the Office of the Australian Information Commissioner to adapt The ADF for the Australian context. One change from the UK book is the substitution of the term ‘anonymisation’ for ‘de-identification’, thus the Australian version is `The De-Identification Decision-Making Framework’6. In addition, the adaptation required revisions due to differences in the legal frameworks, the use of Australian examples and terminology, and the inclusion of some reference to the Five Safes framework gaining popularity in Australia. The publication of this resource in Australia was very timely given the recent Australian Government Productivity Commission report on Data Availability and Use, and the release and subsequent retraction of two datasets on the data.gov.au government open data website.
Next year we plan to begin work on a second edition of The ADF book to take account not just of the changing legal landscape, i.e. the introduction of the General Data Protection Regulation (May 2018) and Digital Economy Act (2017), but also to capture our continued research on the topic.
References and notes
Submitted by Elaine Mackey, Mark Elliot, University of Manchester and Christine M O’Keefe, CSIRO on Thursday, 7th December 2017