ICO issues anonymous data guidelines

UK data watchdog the Information Commissioner's Office (ICO) has published guidelines on the management of sensitive data in light of advances in big data analysis tools, outlining the risks to anonymisation of data.

With increasing volumes of anonymised data being released in the public domain, it was vital that firms were attuned to the risks that people's privacy could be breached, if they can be identified within these anonymous data sets, said Christopher Graham, information commissioner.

“The code also aims to bring a greater consistency of approach and to show what we expect of organisations using this data,” he said.

“Failure to anonymise personal data correctly can result in enforcement action from the ICO. However we recognise that anonymised data can have important benefits, increasing the transparency of government and aiding the UK’s widely regarded research community."

Lawyers also pointed out the importance of ensuring best practice when using data.

“Ensuring that data is properly anonymised, and not just 'masked' can be very difficult to achieve in practice, particularly as technology is constantly evolving,” warned Bridget Treacy, head of information management at law firm Hunton & Williams.

The difficulties of truly anonymising data matter because of the uses that these datasets will be put to, warned Ross Anderson, a computer scientist at Cambridge University, specialising in security.

“Big Pharma wants all our medical records and has persuaded the Prime Minister it should have access so long as our names and addresses are removed,” he wrote on his team's blog. 

The ICO’s blog suggests that [it] will consider data to be anonymous and thus no longer private if they cannot be re-identified by reference to any other data already in the public domain. But this is trickier than you might think,” he added.