De-Identification as Public Policy
Journal of Data Protection & Privacy 3(3): 1-18
30 Pages. Posted: 19 Aug 2020
Date Written: October 1, 2019
Canada’s data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), does not require or incentivize de-identification of personal data for purposes of sharing or research. This regulatory lacuna puts Canadian national law at a disadvantage in contrast with the privacy regimes of other countries, such as the United Kingdom, Australia and the United States, all of which have regulatory language requiring or incentivizing de-identification by custodians of personal data. This report was commissioned by the Office of the Privacy Commissioner of Canada in service of eventual reform of PIPEDA to include de-identification. The report addresses terminology, definitions, key debates and policy in other jurisdictions. It recommends legal reform, specific regulatory actions, and investigation of emerging policy strategies and lists remaining open questions for the development of a national Canadian de-identification policy. Chief among these recommendations is a reorientation from a regulatory focus on ‘outputs’ (‘Is the dataset rendered anonymous?’) to a focus on ‘process’ (‘Has the data custodian taken proper steps to reduce identification and privacy risks?’). In part, this is based on a rejection of the possibility of ‘irreversible anonymization’. Relatedly, the report argues for requiring a risk management approach to de-identification and for the discouragement of the ‘release-and-forget’ model of data disclosure, which relies only on data transformations while ignoring technical, physical, administrative and contractual controls.
Keywords: de-identification, data protection, privacy, information policy, PIPEDA, Canadian law, anonymity, public policy