Singapore PDPC: Guide to Basic Anonymisation (2022)

The PDPC has published a new Guide on Basic Anonymisation to provide more practical guidance for businesses on how to appropriately perform basic anonymisation and de-identification of various datasets through a simple 5-step anonymisation process.

https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/Guide-to-Basic-Anonymisation-31-March-2022.ashx

Nice clarifications (Singapore):

Anonymisation

  • refers to the conversion of personal data into data that cannot be used to identify any individual. PDPC views anonymisation as a risk-based process, which includes applying both anonymisation techniques and safeguards to prevent re-identification.

De-identification

  • refers to the removal of identifiers (e.g. name, address, National Registration Identity Card (NRIC) number) that directly identify an individual.
    De-identification is sometimes mistakenly equated to anonymisation, however it is only the first step of anonymisation. A de-identified dataset may easily be re-identified when combined with data that is publicly or easily accessible.

Re-identification

  • refers to the identification of individuals from a dataset that was previously de-identified or anonymised.