- From: Rob van Eijk <rob@blaeu.com>
- Date: Mon, 27 May 2013 12:15:21 +0200
- To: <public-tracking@w3.org>
s/fully de-identified (red state)/fully de-identified (GREEN state)/ sorry for typo. Green is fully de-identified. Rob Rob van Eijk schreef op 2013-05-27 12:01: > For the PII definition, I use the ISO 29100 (privacy framework) > definition. > > We discussed a 3 state process of de-identification at the last F2F. > In order to take away any confusion on the difference between partly > de-identified (yellow state) and fully de-identified (red state), I > propose the following text: > > <TEXT> > In terms of unlinkability versus de-identification it remains > important to seperate the two concepts: > - de-identification helps in the event of a data breach, when a > dataset is out on the street due to e.g a databreach. It is a way to > address the reasonable requirements of an adequate level of > protection. > - an adequate level of protection is completely different from > unlinkability. Unlinkability is connected to the notion of personally > identifieable information (PII). > > This standard refers to the ISO 29100 (privacy framework) definition > of personally identifiable information (PII): > any information that (a) can be used to identify the PII principal to > whom such information relates, or (b) is or might be directly or > indirectly linked to a PII principal. > NOTE To determine whether a PII principal is identifiable, account > should be taken of all the means which can reasonably be used by the > privacy stakeholder holding the data, or by any other party, to > identify that natural person. > > The red state data may contain (a) and (b). In order to go from the > red state to the yellow state, direct identifiable information MUST be > removed, e.g. an email address or a phone number. > The yellow state data is partly de-identified, and MAY contain > information indirectly linked to an individual, computer or device, > e.g. a linkable unique identifier or a hashed pseudonym. > The green state data is fully de-identified data and SHOULD NOT > contain personally identifiable information (PII). Any risk for > re-identification of fully de-identified data MUST be regularly > assessed and mitigated through Privacy Risk Management. > </TEXT>
Received on Monday, 27 May 2013 10:15:50 UTC