The publication of the book The Anonymisation Decision-making Framework1 in July 2016 marked the culmination of a three-year cross-sector collaboration in the UK, and the beginning of new international collaborations to bring the work underpinning the book further afield. The topic, anonymisation, has not been well understood - as well publicised data breaches2,3 attest - and yet it is of critical importance in this age of data; not just in a legal sense – what information is known about you and by whom has ethical, social, economic and political implications. The good news is that it is not a matter of data sharing versus privacy – you can have both if anonymisation is done well.
Anonymisation is an ongoing area of research – but although complex it is not an intractable problem. In 2012, the UK Information Commissioner’s Office (ICO) published its Code of Practice on anonymisation4 and in the same year provided the initial funding for the establishment of the UK Anonymisation Network (UKAN). UKAN provides information and advice to anyone handling personal data that needs to share it and as part of this work was tasked with developing guidance that could fill the gap between that which is given in a code of practice and that which is needed when grappling with the practical reality of doing anonymisation.
The initial funding supported a series of workshops attended by UKAN’s core network5 of thirty representatives drawn from academia, government, health, commercial and voluntary sectors. Under consideration were two core questions:
1) How should we define and describe anonymisation given the many different perspectives on it?
2) What would practical advice look like given that anonymisation is a complex topic requiring skill and judgement?
The workshops led to the development of the Anonymisation Decision-making Framework (ADF): a ten component framework that unifies the technical, legal, social and ethical aspects to provide a comprehensive guide to doing anonymisation in practice. The framework was captured and elaborated on in a book of the same name. The draft of the ADF book was then subject to an extensive review process from both the core network and an international scientific group of experts. The ADF is underpinned by the data environment perspective which locates re-identification risk in the interaction between data and their environment, where traditionally such risk had been seen as arising (largely) from the data itself. The critical question for the data controller is shifted from ‘how risky are these data?’ to ‘how might a re-identification occur for these data in that environment?’ From this, a new concept for thinking about and doing anonymisation has emerged - functional anonymisation - which asserts that one cannot determine whether data are anonymised without reference to their environment.
In a natural extension of the highly participatory writing process, the UK authors have this year collaborated with CSIRO (the Commonwealth Scientific and Industrial Research Organisation) and the Office of the Australian Information Commissioner to adapt The ADF for the Australian context. One change from the UK book is the substitution of the term ‘anonymisation’ for ‘de-identification’, thus the Australian version is `The De-Identification Decision-Making Framework’6. In addition, the adaptation required revisions due to differences in the legal frameworks, the use of Australian examples and terminology, and the inclusion of some reference to the Five Safes framework gaining popularity in Australia. The publication of this resource in Australia was very timely given the recent Australian Government Productivity Commission report on Data Availability and Use, and the release and subsequent retraction of two datasets on the data.gov.au government open data website.
Next year we plan to begin work on a second edition of The ADF book to take account not just of the changing legal landscape, i.e. the introduction of the General Data Protection Regulation (May 2018) and Digital Economy Act (2017), but also to capture our continued research on the topic.
References and notes
1 The Anonymisation Decision-making Framework. Elliot, M., Mackey, E. O’Hara, K and Tudor, C. (2016). http://ukanon.net/ukan-resources/ukan-decision-making-framework/
2 See CNN Money (2010) http://tinyurl.com/CNN-BREACHES
3 See Atokar (2014) http://tinyurl.com/NYC-TAXI-BREACH
4 Anonymisation: managing data protection risk code of practice, 2012 https://ico.org.uk/media/1061/anonymisation-code.pdf
5 UKAN is coordinated by a consortium of four partner organisations: the Universities of Manchester and Southampton, the Office for National Statistics and the Open Data Institute.
6 CM O’Keefe, S Otorepec, M Elliot, E Mackey, and K O’Hara (2017) The De-Identification Decision-Making Framework. CSIRO Reports EP173122 and EP175702. http://data61.csiro.au/en/Our-Work/Safety-and-Security/Privacy-Preservation/De-identification-Decision-Making-Framework