The National Institute of Standards and Technology (NIST) has released a draft report, De-identification of Personally Identifiable Information, for comment.
De-identification techniques are widely used to remove personally identifiable information from data to protect individuals' privacy. Several US laws, including the Health Insurance Portability and Accountability Act, require or provide safe harbors for sharing de-identified data in certain circumstances, and the extent to which data can be re-identified has been a concern in the past several years. The draft report reflects a NIST-initiated review of de-identification techniques as well challenges and criticisms of the various techniques.