Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-188 (DRAFT)

De-Identifying Government Datasets (2nd Draft)

Date Published: December 2016
Comments Due: December 31, 2016 (public comment period is CLOSED)
Email Questions to:


Simson Garfinkel (NIST)


De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government data. Previously NIST published NISTIR 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.

In developing the draft Privacy Risk Management Framework, NIST sought the perspectives and experiences of de-identification  experts both inside and outside the US Government.

Future areas of work will focus on developing metrics and tests for de-identification software, as well as working with industry and academia to make algorithms that incorporate formal privacy guarantees usable for government de-identification activities. Collected input will be used to correct technical errors and expand areas that are unclear.



privacy; de-identification; re-identification; Disclosure Review Board; data life cycle; the five safes; k-anonymity; differential privacy; pseudonymization; direct identifiers; quasi-identifiers; synthetic data
Control Families

Program Management; Risk Assessment; System and Communications Protection;


Draft SP 800-188

Supplemental Material:
Comment Template (word)

Related NIST Publications:

Document History:
Draft SP 800-188 (8/25/16)
Draft SP 800-188 (12/15/16)


Security and Privacy

Laws and Regulations
E-Government Act