There is a seemingly ever-growing demand for personally identifiable electronic information such as financial transactions, insurance claims, mobility traces, data from wearables and other monitoring devices, among many others. The topic “Big Data” has become commonplace in almost every domain. Sharing data for surveillance and research can have tremendous benefits to society, and spur innovation and new data products.
One of the main methods to facilitate the use and disclosure of data for reuse, without the need for express consent, is anonymization (i.e., masking and de-identification) of the data. When properly anonymized, the likelihood of a successful attack on a data set is small and, if there should be a breach, the harm to individuals’ reputations and privacy is greatly reduced. Also, the ability to amalgamate data sets in order to create detailed profiles about individuals is significantly hampered when the data is properly anonymized (through both technical and contractual controls).
The e-Learning Courses on Data Privacy and Anonymization found here are intended for the private sector (data custodians and/or recipients) and are based on information found in the Guide to the De-Identification of Personal Health Information(CRC Press 2013) by Khaled El Emam, as well as updated research and guidelines in this area. These courses are available in both English and French. For links to more resources, please see our resources page.
An introductory course intended to educate data recipients on the legal framework and disclosure risks for personally identifiable information. This course will develop expertise in the area of personal information privacy, and provide a greater understanding of the privacy obligations associated with the handling of personal information. The course contains four e-learning modules and is approximately 1 hour and 45 minutes in length.
A more in-depth course on anonymizing data intended for practitioners looking to apply the best guidelines and strategies in the de-identification of personally identifiable information. This course contains twelve e-learning modules that will summarize the case for de-identifying data (beyond simply masking of direct identifiers), explain disclosure risks, describe methods to properly de-identify personally identifiable data using a risk-based strategy that incorporates contractual and security controls, and provide guidance on an appropriate governance framework for the handling of personal information. The course runs approximately 5 hours in length.
Funding for the development of these courses was provided by the Office of the Privacy Commissioner of Canada (OPC) Contributions Program. The views expressed herein are those of the presenters and do not necessarily reflect those of the OPC.