ICO publishes best practice code on anonymisation of data

The Information Commissioner's Office (ICO) has published a data protection code of practice on managing the risks related to anonymisation.

It explains the issues surrounding the anonymisation of personal data and its disclosure, along with how to protect the privacy rights of individuals while providing rich sources of data. The ICO claims that the code will be useful to any organisation that needs to convert personal data into a form in which individuals are no longer identifiable.

"We have published our code of practice on managing the data protection risks related to anonymisation to provide a framework for practitioners to use when considering whether to produce anonymised information," said Christopher Graham, UK Information Commissioner. 

"The code also aims to bring a greater consistency of approach and to show what we expect of organisations using this data. 

"Failure to anonymise personal data correctly can result in enforcement action from the ICO. However, we recognise that anonymised data can have important benefits, increasing the transparency of government and aiding the UK's research community," he added.

Bridget Treacy, leader of UK Privacy and Information Management practice at law firm Hunton & Williams, said: "This is an important development, particularly in the context of big data analytics.

"Organisations are seeking to use data in innovative ways, both for commercial and research purposes but there are significant legal restrictions when it comes to dealing with data that is deemed personal.

"If personal data is properly anonymised, these legal restrictions no longer apply, provided that third parties cannot identify individuals from the anonymised data."

Treacy added that the code addresses important legal issues surrounding anonymisation.

"Ensuring that data is properly anonymised, and not just 'masked', can be very difficult to achieve in practice, particularly as technology is constantly evolving.

"Organisations are often uncertain about the legal basis for the anonymisation process itself, and whether anonymised data might constitute personal data. The code deals with both of these issues," Treacy concluded.

The ICO also announced that a consortium comprising the University of Manchester, the University of Southampton, Office for National Statistics and the government's new Open Data Institute will run a new UK Anonymisation Network (UKAN).

Over the next two years UKAN will receive £15,000 in funding from the ICO to enable sharing of good practice related to anonymisation, across the public and private sectors.