Ontario privacy commissioner expands de-identification guidelines for structured data

Topics include data transformation techniques, utility measuring methods
Ontario privacy commissioner expands de-identification guidelines for structured data

The Office of the Information and Privacy Commissioner of Ontario (IPC) has announced an update to its de-identification guidelines for structured data, which aim to assist in maximizing the benefits of data while safeguarding privacy. 

“Our updated de-identification guidelines give organizations the tools they need to de-identify, use, and share data responsibly, maximizing its utility for research, innovation, and the public good, while also minimizing privacy risks for the people we serve,” said Patricia Kosseim, Ontario’s information and privacy commissioner, in a news release. 

In its news release, the IPC shared that the expanded guidelines include step-by-step processes, practical tools, checklists, fact sheets, case studies, and topics such as de-identification terminology, data transformation techniques, documentation requirements, and data utility measuring methods. 

Recent Articles

Legal leads list of company departments using artificial intelligence: Harmonic report
Locking the war chest: Certificates of pending litigation in modern practice
OCC calls for clear criteria in Defence, Security and Resilience Bank headquarters location choice

The IPC added that the update seeks to: 

  • Identify steps to apply de-identification confidently and responsibly 
  • Provide operational guidance focusing on interoperability 
  • Consider emerging international standards and regulatory developments 
  • Enable the province to keep up with global best practices in data privacy and governance 
  • Help the IPC be an effective regulator across its strategic priority areas: privacy and transparency in the modern government, children and youth in a digital world, trust in digital health, and next-generation law enforcement 

The IPC’s news release highlighted the need to promote public trust, given the swift technological advances and the rising reliance on data to support innovation and improve public services. 

“Data has the incredible power to transform our world for the better,” Kosseim said in the news release. “But without strong privacy safeguards, the public’s trust will not follow.” 

In its news release, the IPC urged public sector institutions across the province to review the updated guidelines. 

Development

The IPC’s news release said the expansion drew upon comprehensive consultations with interested parties and insights from scholars and practitioners. 

The IPC added that the update aims to reflect emerging privacy risks, lessons gained from practical application, the changing regulatory environment, and privacy-enhancing technological developments since the original edition’s publication in 2016. 

The IPC noted in its news release that its scholar-in-residence, Dr. Khaled El Emam, helped develop the guidelines, which the IPC dubbed as globally recognized. 

Those interested can learn more about the updated and expanded guidelines here