In order to provide guidelines to support the implementation of these techniques, AEPD has published together with the guide " Guidance on data protection in the reuse of public sector information "’, document" Guidelines and guarantees in anonimización of personal data "that explains in detail how to hide or disguise dissociate, personal data in order to eliminate or minimize the risks of reidentificación anonymized data.
This enables its dissemination by ensuring that there is no violation of the rights to data protection of persons or organizations which do not wish to be identified, or that have developed as a condition of anonymity to transfer your data for publication.
- Definition of the task force detailing the functions of each profile, and ensuring, to the extent possible, that each member to perform its tasks independently from the rest. This prevents an error in a level be reviewed and approved in a different level by the same actors.
- Risk analysis to manage the risks resulting from the principle that no anonimización technique can guarantee in absolute terms the impossibility of reidentificación.
- Definition of objectives and purpose of the anonymized information.
- Preanonimización, elimination/reduction of variables and cryptographic anonimización through techniques such as Hash algorithms, encryption algorithms, time stamp, layers of anonimización, etc.
- Establishment of a map of information systems that ensure segregated environments for each processing of personal data that will entail the separation of staff to get such information.
Finally the document notes the importance of education and training of staff involved in the processes of anonimización and working with and provides anonymized data as fundamental regular audits of the policies of anonimización, which should be documented.
Original source of news (datos.gob.es)
Original source of news (AEPD)