Simply removing direct and indirect personal identifiers isn’t enough to achieve de-identification of a dataset. Data controllers must also analyze the context in which the data is presented, as well as the risk of re-identification. Not only that, but technical methods for performing de-identification are not prescribed by law, but rather are often left to the discretion of the data controller. So how do you limit risk of re-identification and respond quickly with appropriate technical methods of de-identification?
Companies based in France that disclose documents containing personal data (such as in litigation or personnel records) must also comply with the requirements of the French Data Protection Act or risk heavy criminal sanctions for failing to do so. Data controllers (which includes records managers) are not required to file a specific “discovery” notification as long as their data processing activities have been regularly filed with the French authorities. Nevertheless, there must be a legal basis for any transfer of personal data to the U.S., and companies must notify the government of such transfers. The data controller may rely on the “establishment, exercise or defense of a legal claim” exception as a legal basis for a single and limited transfer of all relevant information relating to a particular litigation
In these circumstances, data controllers and processors will be required to produce a privacy impact report that identifies how such personally identifiable information is collected, managed and safeguarded in compliance with the regulations for the protection of personal data
**Views expressed in this blog are my personal views and not those of my employer. Any reference to any living person or organisation, past or present, is entirely co-incidental** As any blogger is allowed to do, let me play devil’s advocate for a moment. We may think we speak...
1 Comment - My 5 cts would be: the logs are owned by the 'data controller', so the IT archive owner
8403 Colesville Rd #1100Silver Spring, MD 20910USA
Phone: (301) 587-8202Toll free: (800) 477-2446Fax: (301) 587-2711Email: hello@aiim.org
JoinBenefitsLearn More
About UsTerms of Use