CANON – Canadian Anonymization Network

Website
https://deidentify.ca/

Report “Practices for Generating Non-identifiable Data” (March 2021)
https://deidentify.ca/wp-content/uploads/2021/08/CANON-OPC-Project-Final-Report-v9.pdf

The CANON website includes an excellent list of external resources at https://deidentify.ca/resources/, including

Standards Bodies

• NIST Privacy Engineering Collaboration Space – De-Identification Tools – June 2019
• ISO/IEC 20889:2018 – Privacy enhancing data de-identification terminology and classification of techniques – 2018
• ISO 25237:2017 – Health Informatics – Pseudonymization – January 2017
• NIST Special Publication (SP) 800-188: De-Identifying Government Data Sets – December 2016
• NIST Internal Report (NISTIR) 8053 – De-Identification of Personal Information – October 2015

Regulators / Government

Canada

• Health Canada – Public Release of Clinical Information – March 2019
• Information and Privacy Commissioner of Ontario – De-Identification Guidelines for Structured Data – June 2016

Europe

Ireland Data Protection Commission – Guidance on Anonymisation and Pseudonymisation – June 2019

(German only) Germany Federal Ministry for Economic Affairs and Industry – Code of Conduct for Pseudonymization – 2019

European Medicines Agency – External guidance on the implementation of the European Medicines Agency policy on the publication of clinical data for medicinal products for human use – November 2018

(Spanish only) Spain Spanish Agency for Data Protection (AEPD) – Guidance and guarantees in the procedures on anonymization of personal data – 2016

• United Kingdom Information Commissioner’s Office (ICO) – Anonymisation: managing data protection risk code of practice – March 2015
• Norway Datatilsynet (Norwegian DPA) – A Guide to the Anonymisation of Personal Data – 2015
• Article 29 Working Party – Opinion 05/2014 on Anonymization Techniques – April 2014

Asia-Pacific

• Australia (Queensland) Office of the Information Commissioner – Privacy and De-Identification – February 2019
• Australia (Victoria) Office of the Victoria Information Commissioner – Protecting unit-record level personal information – The limits of de-identification and the implications for the Privacy and Data Protection Act 2014 – May 2018
• Australia Office of the Australian Information Commissioner – De-identification and the Privacy Act – March 2018
• Australia (Victoria) Victorian Centre for Data Insights – De-identification Guideline – February 2018
• Hong Kong Office of the Privacy Commissioner for Personal Data – Guidance on Personal Data Erasure and Anonymisation – April 2014
• Japan Personal Information Protection Commission Secretariat – Anonymously Processed Information: Towards Balanced Promotion of Personal Data Utilization and Consumer Trust – February 2017
• Korea Multiple Agencies – Guidelines for De-Identification of Personal Data – June 2016
• Singapore Personal Data Protection Commission
  • Guide to basic data anonymisation techniques – January 2018
  • Advisory Guidelines on the Personal Data Protection Act for Selected Topics – Chapter 3, Anonymisation – August 2018
• (Turkish only) Turkey Turkish Data Protection Authority – Guidelines on the Erasure, Destruction or Anonymization of Personal Data – November 2017 (summary here and here)

United States

• California Health and Human Services Agency – Data De-Identification Guidelines – September 2016
• Department of Health and Human Services – Guidance Regarding Methods for De-Identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule – November 2012
• Federal Committee on Statistical Methodology – Working Paper 22: Report on Statistical Disclosure Limitation Methodology – 2005

NGOs, Not-for-Profit Organizations, etc.

Canada

• Health System Use Technical Advisory Committee Data De-Identification Working Group – ‘Best Practice’ Guidelines for Managing the Disclosure of De-Identified Health Information – October 2010
• CHEO Research Institute – Pan-Canadian De-Identification Guidelines for Personal Health Information – April 2007

United States

• TransCelerate BioPharma – De-Identification and Anonymization of Individual Patient Data in Clinical Studies – 2016
• DataSF (City and County of San Fransisco’s Official Open Data Portal) – Open Data Release Toolkit – November 2016

Future of Privacy Forum – A Visual Guide to Practical De-identification – April 2016

EDUCAUSE – Guidelines for Data De-identification or Anonymization – July 2015

National Academy of Medicine (formerly Institute of Medicine) Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk – January 2015

Health Information Trust Alliance (HITRUST) – De-Identification Framework – March 2015

Europe

• Pharmaceutical Users Software Exchange – PhUSE Data Transparency Workstream: A Global View of the Clinical Transparency Landscape – Best Practices Guide (May 2020)
• UK Medical Research Council Guidance Note 5 – Identifiability, Anonymisation and Pseudonymisation – September 2019
• UK Anonymisation Network – Anonymisation Decision-making Framework – 2016
• Pharmaceutical Users Software Exchange – PhUSE De-identification Standards – 2015

Asia-Pacific

• Australia National Data Service – ANDS De-Identification Guide – April 2018
• Australia Data61 / Commonwealth Scientific and Industrial Research Organization – The De-Identification Decision-Making Framework – September 2017

Global

• World Bank / International Household Survey Network – Statistical Disclosure Control for Microdata – A Practice Guide | A Theory Guide – October 2019