84,211
edits
Pseudonymised data: Difference between revisions
Jump to navigation
Jump to search
no edit summary
Amwelladmin (talk | contribs) No edit summary |
Amwelladmin (talk | contribs) No edit summary |
||
| Line 11: | Line 11: | ||
So putting in words JC understands: | So putting in words JC understands: | ||
*If you anonymise data — switch out all references to someone identifiable IRL with unique identifiers, randomised numbers and so on so that there is no possibility of anyone reverse engineering who the individuals are | *If you anonymise data — switch out all references to someone identifiable IRL with unique identifiers, randomised numbers and so on so that there is no possibility of anyone — whether inside your organisation of outside it — reverse engineering who the individuals are, then you are ''not'' processing personal data. | ||
*If you ''pseudonymise'' data — which is to anonymise it as per above but separately hold some kind of key which decodes it into something | *If you ''pseudonymise'' data — which is to anonymise it as per above but separately hold some kind of key which decodes it into something identifiable, then it still counts as personal data. If you are a third party given pseudonymised data, even though in your hands it is anonymous, seeing as someone else could reverse engineer it, it is still, in your hands, pseudonymised. This seems a bit harsh, but the risk is you (and the person holding the “key”) suffer some data breach or something like that. | ||
{{sa}} | {{sa}} | ||
*[[Personal data]] | *[[Personal data]] | ||
*{{plainlink|https://ico.org.uk/media/about-the-ico/consultations/4019579/chapter-3-anonymisation-guidance.pdf|ICO guidance}} | *{{plainlink|https://ico.org.uk/media/about-the-ico/consultations/4019579/chapter-3-anonymisation-guidance.pdf|ICO guidance}} | ||