Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-188 (3rd Public Draft)

De-Identifying Government Data Sets

Date Published: November 15, 2022
Comments Due: January 15, 2023 (public comment period is CLOSED)
Email Questions to:


Simson Garfinkel (NIST), Phyllis Singer (U.S. Census Bureau), Joseph Near (University of Vermont), Aref Dajani (U.S. Census Bureau), Barbara Guttman (NIST)


De-identification removes identifying information from a data set so that the remaining data cannot be linked to specific individuals. Government agencies can use de-identification to reduce the privacy risks associated with collecting, processing, archiving, distributing, or publishing government data. Previously, NIST published NIST Internal Report (IR) 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.

Six years have passed since NIST released the second draft of SP 800-188. During this time, there have been significant developments in privacy technology, specifically in the theory and practice of differential privacy. While this draft reflects some of those advances, it remains focused on de-identification, as differential privacy is still not sufficiently mature to be used by many government agencies. Where appropriate, this document cautions users about the inherent limitations of de-identification when compared to formal privacy methods, such as differential privacy.

We encourage you to use this comment template to document your comments on the draft.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications



data life cycle; de-identification; differential privacy; direct identifiers; Disclosure Review Board; the five safes; k-anonymity; privacy; pseudonymization; quasi-identifiers; re-identification; synthetic data
Control Families

Program Management; Risk Assessment; System and Communications Protection


Download URL

Supplemental Material:
Comment template (xlsx)

Document History:
08/25/16: SP 800-188 (Draft)
12/15/16: SP 800-188 (Draft)
11/15/22: SP 800-188 (Draft)
09/14/23: SP 800-188 (Final)


Security and Privacy


Laws and Regulations

E-Government Act