U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-188 (Draft)

De-Identifying Government Datasets (2nd Draft)

Date Published: December 2016
Comments Due: December 31, 2016 (public comment period is CLOSED)
Email Questions to: sp800-188-draft@nist.gov

Author(s)

Simson Garfinkel (NIST)

Announcement

De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government data. Previously NIST published NISTIR 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.

In developing the draft Privacy Risk Management Framework, NIST sought the perspectives and experiences of de-identification  experts both inside and outside the US Government.

Future areas of work will focus on developing metrics and tests for de-identification software, as well as working with industry and academia to make algorithms that incorporate formal privacy guarantees usable for government de-identification activities. Collected input will be used to correct technical errors and expand areas that are unclear.

Abstract

Keywords

privacy; de-identification; re-identification; Disclosure Review Board; data life cycle; the five safes; k-anonymity; differential privacy; pseudonymization; direct identifiers; quasi-identifiers; synthetic data
Control Families

Program Management; Risk Assessment; System and Communications Protection

Documentation

Publication:
Draft SP 800-188

Supplemental Material:
Comment Template (word)

Related NIST Publications:
NISTIR 8053

Document History:
08/25/16: SP 800-188 (Draft)
12/15/16: SP 800-188 (Draft)

Topics

Security and Privacy
privacy

Laws and Regulations
E-Government Act