ICO confirms that personal data can be properly anonymised to avoid legal compliance
Personal data can be properly anonymised so that organisations do not have to comply with data-protection laws, the Information Commissioner’s Office (ICO) has confirmed.
This means organisations such as hospitals can publish information and research without falling foul of the Data Protection Act 1998.
So long as no individual can be recognised from the information when read together with information that has already been published, data protection laws will not apply, the ICO makes clear in its draft anonymisation code of practice. A consultation on the code, which offers guidance and practical advice, will run until 23 August 2012.
Tom Morrison, partner at Rollits, says the code of practice would be useful for all organisations that hold personal data.
“Organisations will have to ask themselves if the information is truly anonymous. The code explores the process in detail and will help people to structure their thinking. If you can show you did your best to follow the code, then the Commissioner is more likely to be sympathetic if things do go wrong.”