June Change Proposal, de-identified

This is ISSUE-188

The definition of de-identified does not capture the discussion
we had on list regarding anonymous data and the unnecessary
burden of contracts.  It also uses old terms like "consumer"
and "computer" that we don't need, and is phrased in terms of
the process of de-identification (what a party must do) rather
than the state of the data after de-identification has completed.

Existing text in Sec 2.8:
============================
Data is deidentified when a party:

 1. has achieved a reasonable level of justified confidence that the data cannot be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device;
 2. commits to try not to reidentify the data; and
 3. contractually prohibits downstream recipients from trying to re-identify the data.
============================


Replacement:
============================
A data set is considered de-identified when there exists a reasonable level of justified confidence that the data within it cannot be used to infer information about, or otherwise be linked to, a particular user.
============================

....Roy

Received on Wednesday, 26 June 2013 08:16:48 UTC