ICO Code on Anonymisation

November 20, 2012

The ICO published its data protection code of practice on managing the risks related to anonymisation on 20 November. The code explains how to protect the privacy rights of individuals while providing rich sources of data.

The code comes at a time when the UK is putting more and more anonymised data into the public domain, with the government’s open data agenda allowing people to find out more than ever about the performance of public services and holding public bodies to account.

Announcing the publication of the code of practice Christopher Graham, UK Information Commissioner, said:

‘We have published our code of practice on managing the data protection risks related to anonymisation to provide a framework for practitioners to use when considering whether to produce anonymised information. The code also aims to bring a greater consistency of approach and to show what we expect of organisations using this data. Failure to anonymise personal data correctly can result in enforcement action from the ICO. However we recognise that anonymised data can have important benefits, increasing the transparency of government and aiding the UK’s widely regarded research community. We hope today’s guidance helps practitioners to protect privacy and enable the use of data in exciting and innovative ways. We would also like to thank those people who took part in our recent consultation and helped today’s code of practice become a reality.’

The ICO has also announced that a consortium led by the University of Manchester, with the University of Southampton, Office for National Statistics and the government’s new Open Data Institute (ODI), will run a new UK Anonymisation Network (UKAN). The Network will receive £15,000 worth of funding from the ICO over the next two years to enable sharing of good practice related to anonymisation, across the public and private sector. The network will include a web site, case studies, clinics and seminars.

The new code contains a framework to enable practitioners to assess the risks of anonymisation related to data protection and identification of individuals. It also includes examples of how successful anonymisation can be achieved. This includes an explanation of how personal data can be anonymised for medical research purposes, how individuals’ information can be anonymised when responding to Freedom of Information requests, and how customers’ data can be anonymised to help market researchers analyse people’s purchasing habits.

For the ICO topic guide on anonymisation, click here. For the code in full, click here.