01 March 2011

Data Anonymisation

Data anonymisation is an issue in almost all software development teams who I have worked with. High-quality representative data is needed for all types of software testing, and forethought on how this may be produced, and the effort involved, is often overlooked in the rush to publish live code. This can be particularly problematic where the data contains more sensitive information such as personal data, where the use for testing may have not explicitly been given by the data subject.

Photograph of a station sign at Farringdon underground station (in Clerkenwell), showing the westbound tube train destinations of King's Cross/St. Pancras, Euston Square (on Euston Road) and Great Portland Street

Data anonymisation, along with encryption and tokenisation, are often misunderstood and wrongly thought to be a simple fix for some aspects of data protection. Also, it is not solely an issue for testing purposes; data may need to be anonymised for operational logging, reporting & statistical analysis, and during archival/warehousing of information at the end of its active life, but prior to final disposal. Care needs to be taken with data anonymisation, and therefore I was pleased to see the UK's Information Commissioner's Office will be holding a Seminar on Privacy and Data Anonymisation on 30th March 2011 to discuss different approaches, difficulties and risks.

Appropriately the event is being held at The Welcome Trust on Euston Road in London, since this is a particularly relevant topic in the medical sector. But don't dismiss the topic out-of-hand as only of use for "sensitive data". This affects all types of data — personal or not — and the provisional programme emphasizes this with contributions from the Cabinet Office, the Universities of Manchester and Southampton, the Office of National Statistics and the Market Research Society. Also speaking is Paul Ohm (University of Colorado) who I had mentioned in a previous posting about test data, and I'd recommend reading his paper I referenced there. Perhaps I would have liked to see a presentation from someone in the financial services sector too since, apart from being high-volume personal data processors, anonymisation can also play a part in fraud prevention.

The ICO wants to encourage representation at the seminar from a range of sectors, and asks for potential attendees to register their interest. I hope commercial trade organisations and other regulators will attend and participate.

Posted on: 01 March 2011 at 08:48 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
Data Anonymisation
http://www.clerkendweller.com/2011/3/1/Data-Anonymisation
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2011/3/1/Data-Anonymisation
Requested by 38.107.179.222 on Thursday, 17 May 2012 at 22:49 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2011-2012 clerkendweller.com