When to use this
Use this assessment when data is claimed to be anonymised or when combinations of fields may still identify individuals.
Related controls
Assessment
| Data set | Direct identifiers removed? | Quasi-identifiers | External data available? | Re-identification likelihood | Mitigation | Decision |
|---|---|---|---|---|---|---|
| TBD | Yes/No | Postcode/date/role/rare attribute | Yes/No | Low/Medium/High | TBD | Use/rework/reject |
Minimum checks
- Direct identifiers are identified.
- Quasi-identifiers are assessed.
- Reasonably available external data is considered.
- Re-identification likelihood is documented.
- Mitigations are applied or the use case is rejected.
- Template
- Iso27001
- Technological controls
- Privacy
- Data masking
Note Metadata
Aliases: Anonymisation Risk Assessment
Source: 90 Templates/Re-Identification Risk Assessment.md