NIST has released the third public draft of NIST Special Publication (SP) 800-188, De-Identifying Government Data Sets, for public comment.
De-identification removes identifying information from a data set so that the remaining data cannot be linked to specific individuals. Government agencies can use de-identification to reduce the privacy risks associated with collecting, processing, archiving, distributing, or publishing government data. Previously, NIST published NIST Internal Report (IR) 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.
Six years have passed since NIST released the second draft of SP 800-188. During this time, there have been significant developments in privacy technology, specifically in the theory and practice of differential privacy. While this draft reflects some of those advances, it remains focused on de-identification, as differential privacy is still not sufficiently mature to be used by many government agencies. Where appropriate, this document cautions users about the inherent limitations of de-identification when compared to formal privacy methods, such as differential privacy.
The public comment period is open through January 15, 2023. See the publication details for a copy of the draft and instructions for submitting comments.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
