Citation[]
Information Commissioner’s Office, Anonymisation: Managing Data Protection Risk, Code of Practice (2012) (full-text).
Overview[]
This code of practice provides guidance as to the ways in which data may be rendered anonymous and retained in a form in which identification of the data subject is no longer possible.
The code explains the issues surrounding the anonymisation of personal data, and the disclosure of data once it has been anonymised. It explains the relevant legal concepts and tests in the Data Protection Act 1998 (DPA). The code provides good practice advice that will be relevant to all organisations that need to convert personal data into a form in which individuals are no longer identifiable. We use the term "anonymised data" to refer to data that does not itself identify any individual and that is unlikely to allow any individual to be identified through its combination with other data.