NIST requests comments on an initial public draft of NIST Internal Report (NISTIR) 8053, De-identification of Personally Identifiable Information. This document describes terminology, process and procedures for the removal of personally identifiable information (PII) from a variety of electronic document types.
Background:
This draft results from a NIST-initiated review of techniques that have been developed for the removal of personally identifiable information from digital documents. De-identification techniques are widely used to removal of personal information from data sets to protect the privacy of the individual data subjects. In recent years many concerns have been raised that de-identification techniques are themselves not sufficient to protect personal privacy, because information remains in the data set that makes it possible to re-identify data subjects.
We are soliciting public comment for this initial draft to obtain feedback from experts in industry, academia and government that are familiar with de-identification techniques and their limitations.
Comments will be reviewed and posted on the CSRC website. We expect to publish a final report based on this round of feedback. The publication will serve as a basis for future work in de-identification and privacy in general.
Note to Reviewers:
NIST requests comments especially on the following:
- Is the terminology that is provided consistent with current usage?
- Since this document is about de-identification techniques, to what extent should it discuss differential privacy?
- To what extent should this document be broadened to include a discussion of statistical disclosure limitation techniques?
- Should the glossary be expanded? If so, please suggest words, definitions, and appropriate citations?
Questions? Send email to: draft-nistir-deidentify@nist.gov Comment period CLOSED on: May 15, 2015.
