Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Singapore: PDPC publishes guide on basic anonymisation

The Personal Data Protection Commission ('PDPC') published, on 31 March 2022, a Guide on Basic Anonymisation, which aims to provide practical guidance for businesses on how to appropriately perform basic anonymisation and de-identification of various datasets. In particular, the guide outlines basic anonymisation concepts and use cases and sets out a five-step process which involves:

  • knowing the personal data records being held, particularly the data attributes and the varying degrees of identifiability and sensitivity to an individual;
  • de-identifying personal data by removing direct identifiers and assigning pseudonyms;
  • applying anonymisation techniques such as record suppression, attribute suppression, character masking, generalisation, and data perturbation;
  • computing the risk of re-identification, particularly in relation to long-term data retention and internal and external data sharing; and
  • managing re-identification and disclosure risks by implementing technical and process controls, incorporating such risks into incident management plans, and adopting legal controls.

In this regard, the guide further contains five annexes, covering basic anonymisation techniques, common data attributes, re-identification risk assessments, and anonymisation tools.

You can read the press release here and the guide here.

Feedback