Regulators / Government
Canada
- Information and Privacy Commissioner of Ontario – De-Identification Guidelines for Structured Data – June 2016
- Health Canada – Public Release of Clinical Information – March 2019
United States
- Department of Health and Human Services – Guidance Regarding Methods for De-Identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule – November 2012
- Federal Committee on Statistical Methodology – Working Paper 22: Report on Statistical Disclosure Limitation Methodology – 2005
- California Health and Human Services Agency – Data De-Identification Guidelines – September 2016
Europe
- United Kingdom Information Commissioner’s Office (ICO) – Anonymisation: managing data protection risk code of practice – March 2015
- Ireland Data Protection Commission – Guidance on Anonymisation and Pseudonymisation – June 2019
- Norway Datatilsynet (Norwegian DPA) – A Guide to the Anonymisation of Personal Data – 2015
- Article 29 Working Party – Opinion 05/2014 on Anonymization Techniques – April 2014
- European Medicines Agency – External guidance on the implementation of the European Medicines Agency policy on the publication of clinical data for medicinal products for human use – November 2018
- (German only) Germany Federal Ministry for Economic Affairs and Industry – Code of Conduct for Pseudonymization – 2019
- (Spanish only) Spain Spanish Agency for Data Protection (AEPD) – Guidance and guarantees in the procedures on anonymization of personal data – 2016
Asia-Pacific
- Australia Office of the Australian Information Commissioner – De-identification and the Privacy Act – March 2018
- Australia (Queensland) Office of the Information Commissioner – Privacy and De-Identification – February 2019
- Australia (Victoria) Office of the Victoria Information Commissioner – Protecting unit-record level personal information – The limits of de-identification and the implications for the Privacy and Data Protection Act 2014 – May 2018
- Australia (Victoria) Victorian Centre for Data Insights – De-identification Guideline – February 2018
- Hong Kong Office of the Privacy Commissioner for Personal Data – Guidance on Personal Data Erasure and Anonymisation – April 2014
- Japan Personal Information Protection Commission Secretariat – Anonymously Processed Information: Towards Balanced Promotion of Personal Data Utilization and Consumer Trust – February 2017
- Korea Multiple Agencies – Guidelines for De-Identification of Personal Data – June 2016
- Singapore Personal Data Protection Commission
- New! Privacy Enhancing Technology (PET): Proposed Guide on Synthetic Data Generation – July 2024
- Guide to basic data anonymisation techniques – January 2018
- (Turkish only) Turkey Turkish Data Protection Authority – Guidelines on the Erasure, Destruction or Anonymization of Personal Data – November 2017 (summary here and here)
Standards Bodies
- NIST Internal Report (NISTIR) 8053 – De-Identification of Personal Information – October 2015
- NIST Special Publication (SP) 800-188: De-Identifying Government Data Sets – December 2016
- NIST Privacy Engineering Collaboration Space – De-Identification Tools – June 2019
- ISO/IEC 20889:2018 – Privacy enhancing data de-identification terminology and classification of techniques – 2018
- ISO 25237:2017 – Health Informatics – Pseudonymization – January 2017
NGOs, Not-for-Profit Organizations, etc.
Canada
- Health System Use Technical Advisory Committee Data De-Identification Working Group – ‘Best Practice’ Guidelines for Managing the Disclosure of De-Identified Health Information – October 2010
- CHEO Research Institute – Pan-Canadian De-Identification Guidelines for Personal Health Information – April 2007
United States
- Health Information Trust Alliance (HITRUST) – De-Identification Framework – March 2015
- Future of Privacy Forum – A Visual Guide to Practical De-identification – April 2016
- EDUCAUSE – Guidelines for Data De-identification or Anonymization – July 2015
- National Academy of Medicine (formerly Institute of Medicine) Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk – January 2015
- TransCelerate BioPharma – De-Identification and Anonymization of Individual Patient Data in Clinical Studies – 2016
- DataSF (City and County of San Fransisco’s Official Open Data Portal) – Open Data Release Toolkit – November 2016
Europe
- UK Anonymisation Network – Anonymisation Decision-making Framework – 2016
- Pharmaceutical Users Software Exchange – PhUSE De-identification Standards – 2015
- Pharmaceutical Users Software Exchange – PhUSE Data Transparency Workstream: A Global View of the Clinical Transparency Landscape – Best Practices Guide (May 2020)
- UK Medical Research Council Guidance Note 5 – Identifiability, Anonymisation and Pseudonymisation – September 2019
Asia-Pacific
- Australia National Data Service – ANDS De-Identification Guide – April 2018
- Australia Data61 / Commonwealth Scientific and Industrial Research Organization – The De-Identification Decision-Making Framework – September 2017
Global
- World Bank / International Household Survey Network – Statistical Disclosure Control for Microdata – A Practice Guide | A Theory Guide – October 2019