A Methodology for Managing Re- Identification Risk

This chapter provides the high-level principles behind our risk-based methodology to the creation of DFs with a low probability of re-identification.

A DF may be disclosed with different levels of access. One type of access may have no restrictions whatsoever, for example, when data are posted publicly. This means that the data custodians will not know who the data recipient may be, and how they will manage the DF. On the other hand, the data custodian may have significant access restrictions in place, requiring that the data recipient have strong security and privacy practices in place to ensure that the data are well protected and processed appropriately.