ICO clears release of anonymised data - with caveats

Public bodies and others will receive the green light to publish anonymised personal data even when the individual concerned could in theory by re-identified if a code of practice published by the Information Commissioner's Office (ICO) is adopted. The code, which promises to resolve the clash between open data and privacy, is currently open for public consultation.

Christopher Graham, the information commissioner said in a press statement that he welcomed the open data agenda. "However, while the public wants to see openness, they want to see their privacy rights respected too. The risks of anonymisation can sometimes be underestimated and in other cases overstated; organisations need to be aware of what those risks are and take a structured approach to assessing them, particularly in light of other personal information in the public domain."

He said the code would "provide clear, practical advice on how data can be anonymised."

The ICO's move follows a report commissioned by the Cabinet Office which last year warned that there was no technical way to prevent data being "de-anonymised".

The ICO's guidelines say that data protection principles do not apply to data "rendered anonymous in such a way that the data subject is no longer identifiable". However they concede that the risk of re-identification through data-linkage is unpredictable "because it can never be known what data is already available or what data may be released in the future".

The guidelines propose a "motivated intruder" test for assessing the risk of releasing a particular set of data. This would be a tougher test than merely asking whether an inexpert member of the public could identify an individual - for example by matching data with the electoral roll - but less strict than considering whether "someone with access to a great deal of specialist expertise, analytical power or prior knowledge" could achieve de-anonymisation.

Last year a report for the Cabinet Office, Transparent Government, Not Transparent Citizens, by Professor Kieron O'Hara of Southampton University, warned of the ability to identify individuals from anonymised data "jigsaw identification", saying "there are no complete legal or technical fixes to the deanonymisation problem".

ICO consultation http://www.ico.gov.uk/about_us/consultations/our_consultations.aspx