Re: ACTION-406: Propose a new set of names around yellow state

s/fully de-identified (red state)/fully de-identified (GREEN state)/

sorry for typo. Green is fully de-identified.

Rob

Rob van Eijk schreef op 2013-05-27 12:01:
> For the PII definition, I use the ISO 29100 (privacy framework) 
> definition.
> 
> We discussed a 3 state process of de-identification at the last F2F.
> In order to take away any confusion on the difference between partly
> de-identified (yellow state) and fully de-identified (red state), I
> propose the following text:
> 
> <TEXT>
> In terms of unlinkability versus de-identification it remains
> important to seperate the two concepts:
> - de-identification helps in the event of a data breach, when a
> dataset is out on the street due to e.g a databreach. It is a way to
> address the reasonable requirements of an adequate level of
> protection.
> - an adequate level of protection is completely different from
> unlinkability. Unlinkability is connected to the notion of personally
> identifieable information (PII).
> 
> This standard refers to the ISO 29100 (privacy framework) definition
> of personally identifiable information (PII):
> any information that (a) can be used to identify the PII principal to
> whom such information relates, or (b) is or might be directly or
> indirectly linked to a PII principal.
> NOTE To determine whether a PII principal is identifiable, account
> should be taken of all the means which can reasonably be used by the
> privacy stakeholder holding the data, or by any other party, to
> identify that natural person.
> 
> The red state data may contain (a) and (b). In order to go from the
> red state to the yellow state, direct identifiable information MUST be
> removed, e.g. an email address or a phone number.
> The yellow state data is partly de-identified, and MAY contain
> information indirectly linked to an individual, computer or device,
> e.g. a linkable unique identifier or a hashed pseudonym.
> The green state data is fully de-identified data and SHOULD NOT
> contain personally identifiable information (PII). Any risk for
> re-identification of fully de-identified data MUST be regularly
> assessed and mitigated through Privacy Risk Management.
> </TEXT>

Received on Monday, 27 May 2013 10:15:50 UTC