The Anonymisation Decision-Making Framework (ADF) is a practical guide to anonymisation intended to provide operational support to data controllers anonymising personal data (or other sensitive data), which is consistent with codes of conduct such as the UK Information Commissioner’s Anonymisation Code of Practice. The ADF was originally written by researchers from the UK Anonymisation Network (UKAN), a network of data custodians, and exists in three forms: a version consistent with the EU Data Protection Directive in 2016, a version consistent with GDPR in 2020, and a version (the De-Identification Decision-Making Framework, DDF), adapted by researchers at the Commonwealth Scientific and Industrial Research Organisation (CSIRO) for Australian law.
The ADF is intended to implement functional anonymisation, which manages the risk of reidentification of anonymised data with measures specific to the context in which it is held. It consists of ten components, divided into a data situation audit (to frame the relevant data context), risk assessment and control, and impact management (to consider measures to ensure risk remains negligible going forward, as well as to plan for security breaches).
Elliot, M., Mackey, E. and O’Hara, K., 2020. The Anonymisation Decision-Making Framework: European practitioners’ guide, 2nd edition. United Kingdom Anonymisation Network, https://ukanon.net/framework/.
Elliot, M., Mackey, E. and O’Hara, K., 2020. The Anonymisation Decision-Making Framework: European practitioners’ guide, 2nd edition. United Kingdom Anonymisation Network, https://ukanon.net/framework/.