Resources for e-Learning Courses on Data Privacy and Anonymization


  1. U.S. Department of Health & Human Services: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, 45 CFR Part 160 and Subparts A and E of Part 164.
  2. National Conference of State Legislatures: U.S. State Security Breach Notification Laws. NCSL, 2017.
  3. U.S. Federal Trade Commission: Children’s Online Privacy Protection Rule, 16 CFR Part 312.
  4. U.S. Federal Trade Commission: Gramm-Leach-Bliley Act, Pub.L. 106–102, 113 Stat. 1338.
  5. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  6. Commission decisions on the adequacy of the protection of personal data in third countries (EU).
  7. Model Contracts for the transfer of personal data to third countries (EU).
  8. Binding Corporate rules (EU).
  9. International Trade Administration (U.S.): Privacy Shield Frameworks.
  10. ISO/TS 25237:2008 – Health informatics – Pseudonymization.
  11. Information and Privacy Commissioner of Ontario & Information Technology and Innovation Foundation: Big Data and Innovation, Setting the Record Straight: De-identification does work. IPC, 2014.
  12. K. El Emam, E. Jonker, L. Arbuckle, B. Malin: “A Systematic Review of Re-identification Attacks on Health Data.” PLoS ONE 6(12), 2011.
  13. J.Y. Bambauer: “Is De-identification Dead Again?” Information, Law, and the Law of Information (Harvard Blog), April 28, 2015.
  14. K. El Emam: “A De-identification Protocol for Open Data.” IAPP Privacy Tech, May 16, 2016.
  15. K. El Emam: “On Re-identification: Not Really Unique in the Shopping Mall.” IAPP Privacy Tech, February 20, 2015.
  16. K. El Emam: “Setting the record straight on privacy dimensions in big data.” IAPP Privacy Perspectives, June 2, 2016.
  17. K. El Emam, L. Arbuckle, G. Koru, B. Eze, L. Gaudette, E. Neri, S. Rose, J. Howard, J. Gluck: “De-identification Methods for Open Health Data: The Case of the Heritage Health Prize Claims Dataset.” Journal of Medical Internet Research 14(1):e33, 2012.
  18. M. Scaiano, G. Middleton, L. Arbuckle, V. Kolhatkar, L. Peyton, M. Dowling, D.S. Gipson, K. El Emam: “A unified framework for evaluating the risk of re-identification of text de-identification tools”, Journal of Biomedical Informatics, 63:174-183, 2016.
  19. Office of the Privacy Commissioner of Canada: Privacy Toolkit: A Guide for Businesses and Organizations. OPC, 2015.
  20. Office of the Privacy Commissioner of Canada: PIPEDA Fair Information Principles. OPC, 2011.
  21. Freedom of Privacy Forum: Beyond IRBs: Ethical Review Processes for Big Data Research. FPF, 2015.