|
Work item:
|
X.rdda
|
|
Subject/title:
|
Requirements for data de-identification assurance
|
|
Status:
|
[Carried to next study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
-
|
|
Liaison:
|
ISO/IEC JTC 1/SC 27/WG5, ISO/IEC JTC 1/WG9
|
|
Supporting members:
|
-
|
|
Summary:
|
De-identified data has the risk to identify individuals. De-identified data would be required to assess the data infringement threat. The specific level of de-identification would be selected for the re-identification risk assessment. The de-identification level can be varied based on the followings:
- What is the purpose for? (e.g., public purpose, analysis, research, etc.)
- Who is using? (e.g., restricted user, public user, the third party, etc.)
- Range of release? (e.g., Public release model, Semi-public release model and Non-public release model)
-
The recommendation includes as followings:
Firstly, the de-identification assurance level by mapping between de-identification technique and possibility of re-identification.
Secondly, the requirement of de-identified dataset assurance level. Re-identification risk can be dependent on the usage purpose of data. For example, when several datasets are combined, it should be de-identified because of the increase of the re-identification possibility.
Finally, it provides the requirements for the assurance level and the consideration for re-identification risk by release models.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2019-02-01 11:33:20
|
|
Last update:
2021-09-09 13:47:43
|
