Thursday, 22 November 2012

My edited comments on the ICO’s Anonymisation Code

Yesterday, I explained that I had been asked by a professional journal to comment on the ICO’s recently published Code of Practice on Anonymisation, and that I would report back on the extent to which my comments were finally quoted.

Well, today I can report that they’ve been published. An extremely skilled editor has carefully reduced my text by 50% and has come up with something clean, crisp and compelling. It’s certainly better than my original version – and it targets a more professional audience, too.

For those who are keen to know just what was cut, here is what happened:

"The document may be 108 pages long, but it is quite easy to read
. There’s plenty of white space and nice photos, with key points highlighted in coloured boxes. Readers with a statistical background will get more out of the Annexes than Data Protection Officers who gave up maths at school as soon as they possibly could.

It’s refreshing to learn how to anonymise data effectively, thus ensuring that it falls outside the ICO’s remit. No breach reporting requirements, here!

My only quibble is whether the document really is a Code of Practice. I’ve been brought up to believe that Codes are relatively short regulatory mechanisms that set out what it is that needs to be done. Not a lot more, not a lot less.

But this document is far more than that [a Code of Practice] – it’s quite a comprehensive (and extremely useful) briefing manual on anonymisation, setting out the regulatory landscape, and drawing attention to a range of techniques to anonymise data, with case studies illustrating how this anonymised data can subsequently be used.

A number of pages are deliberately blank, and some are coloured gold. So ask yourself whether you really need to print the entire document, before doing so."

I like it. So I do hope I get asked to comment again, in this manner. My views always seem better when given a decent pruning.