Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-188 (DRAFT)

De-Identifying Government Datasets

Date Published: August 2016
Comments Due: September 26, 2016 (public comment period is CLOSED)
Email Questions to: sp800-188-draft@nist.gov

Withdrawn: December 15, 2016

Author(s)

Simson Garfinkel (NIST)

Announcement

NIST Requests Comments on a Draft Special Publication regarding the De-Identification of Government Datasets

De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government data. Previously NIST published NISTIR 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.

In developing the draft Privacy Risk Management Framework, NIST sought the perspectives and experiences of de-identification experts both inside and outside the US Government.

Future areas of work will focus on developing metrics and tests for de-identification software, as well as working with industry and academia to make algorithms that incorporate formal privacy guarantees usable for government de-identification activities.

Abstract

Keywords

de-identification; re-identification; Disclosure Review Board; data life cycle; the five safes; k-anonymity; differential privacy; pseudonymization; direct identifiers; quasi-identifiers; privacy; synthetic data
Control Families

Program Management; Risk Assessment; System and Communications Protection;

Documentation

Publication:
Draft (1st) SP 800-188

Supplemental Material:
None available

Related NIST Publications:
NISTIR 8053

Document History:
Draft SP 800-188 (8/25/16)
Draft SP 800-188 (12/15/16)

Topics

Security and Privacy
privacy

Laws and Regulations
E-Government Act