The PDPC has published a new Guide on Basic Anonymisation to provide more practical guidance for businesses on how to appropriately perform basic anonymisation and de-identification of various datasets through a simple 5-step anonymisation process.
Nice clarifications (Singapore):
Anonymisation
- refers to the conversion of personal data into data that cannot be used to identify any individual. PDPC views anonymisation as a risk-based process, which includes applying both anonymisation techniques and safeguards to prevent re-identification.
De-identification
- refers to the removal of identifiers (e.g. name, address, National Registration Identity Card (NRIC) number) that directly identify an individual.
De-identification is sometimes mistakenly equated to anonymisation, however it is only the first step of anonymisation. A de-identified dataset may easily be re-identified when combined with data that is publicly or easily accessible.
Re-identification
- refers to the identification of individuals from a dataset that was previously de-identified or anonymised.