SummaryDe-identified data incurs the risk of re-identifying individuals. It is therefore important to assess the threat of de-identified data being used to identify individuals through re-identification methods. De‑identification methods, which can be used for re-identification risk assessment, may be selected according to the following considerations: – Data risk assessment: Data composition, data distribution, possession of other data; – Data use environment risk assessment: Confidence level of data recipient, impact during re-identification, inadvertent re-identification; – Using and managing de-identification data: Security measures for de-identification data, monitoring of re-identification possibilities, compliance with de-identification data provision or consignment contracts. This Supplement defines data de-identification assurance. It also provides a set of requirements for managing data de-identification assurance, including data risk assessment, risk assessment of the data use environment, and using and managing de-identified data. |