U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-188 (Draft)

De-Identifying Government Data Sets (3rd Draft)

Date Published: November 15, 2022
Comments Due: January 15, 2023 (public comment period is CLOSED)
Email Questions to: sp800-188-draft@nist.gov

Author(s)

Simson Garfinkel (NIST), Phyllis Singer (U.S. Census Bureau), Joseph Near (University of Vermont), Aref Dajani (U.S. Census Bureau), Barbara Guttman (NIST)

Announcement

De-identification removes identifying information from a data set so that the remaining data cannot be linked to specific individuals. Government agencies can use de-identification to reduce the privacy risks associated with collecting, processing, archiving, distributing, or publishing government data. Previously, NIST published NIST Internal Report (IR) 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.

Six years have passed since NIST released the second draft of SP 800-188. During this time, there have been significant developments in privacy technology, specifically in the theory and practice of differential privacy. While this draft reflects some of those advances, it remains focused on de-identification, as differential privacy is still not sufficiently mature to be used by many government agencies. Where appropriate, this document cautions users about the inherent limitations of de-identification when compared to formal privacy methods, such as differential privacy.

We encourage you to use this comment template to document your comments on the draft.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications

Abstract

Keywords

data life cycle; de-identification; differential privacy; direct identifiers; Disclosure Review Board; the five safes; k-anonymity; privacy; pseudonymization; quasi-identifiers; re-identification; synthetic data
Control Families

Program Management; Risk Assessment; System and Communications Protection

Documentation

Publication:
SP 800-188 (Draft) (DOI)
Local Download

Supplemental Material:
Comment template (xls)

Document History:
08/25/16: SP 800-188 (Draft)
12/15/16: SP 800-188 (Draft)
11/15/22: SP 800-188 (Draft)

Topics

Security and Privacy
privacy

Laws and Regulations
E-Government Act