Supplement 39 to ITU-T X-series Recommendations (09/2023) ITU-T X.1148 – Supplement on requirements for data de-identification assurance
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Supplement
4 Abbreviations and acronyms
5 Conventions
6 Overview
     6.1 Concept of de-identified data
     6.2 When to use de-identified data
     6.3 Data re-identification attack type
     6.4 Re-identification risk
     6.5 Adequacy assessment of de-identified data
7 Security requirements for data de-identification assurance
8 Requirements for data risk assessment
     8.1 Data composition
     8.2 Data distribution
     8.3 Possession of other relevant data
9 Requirements for risk assessment of de-identified data use environment
     9.1 Confidence level of data recipients
     9.2 Impact of re-identification
     9.3 Inadvertent re-identification
10 Requirements for using and managing de-identified data
     10.1 Security measures for de-identified data
     10.2 Monitoring of re-identification possibilities
     10.3 Compliance with de-identified data provision or consignment contract
Appendix I   Data re-identification risk measurement and context re-identification measurement [b-IPCO]
     I.1 Data re-identification risk measurement
     I.2 Measurement of context re-identification risk
          I.2.1 Public data releases
          I.2.2 Non-public data releases
          I.2.3 Semi-public data release
Bibliography