A Privacy Governance Framework to Support De-identification
While technology is an important enabler of data de-identification, technology is not the end of the story. Effective de-identification at an enterprise level is as much about governance as it is about technology. Accounting for risk in a de-identification solution is critical to achieving the right level of de-identification and resulting data utility, which influences the analytic outcomes. Accordingly, to maximize outcomes, an organization must have efficient methods of measuring, monitoring and assuring the controls associated with each disclosure context. Organizations should establish a framework to manage re-identification risks holistically while enabling a wide range of data uses.
If you only apply technology to anonymize data, you miss out on a vital area of the overall strategy – the people and decisions behind the solution and the processes and procedures that instill consistency. Without these elements, you miss the tenets of governance – accountability, transparency, and applicability.
This paper provides an outline of a governance framework specifically supporting the implementation of de-identification within an enterprise. Key to this is understanding and managing the processes, the people, and the technology required for data governance strategy.