The Medical Research Council has published guidance (in consultation with the Information Commissioner's Office) covering the general legal principles underpinning identifiability – relevant to registries and the research data more generally.

The guidance highlights that…

  • lots of data may not directly identify individuals on its own: but if you view it in combination with other bits of information you have access to (or that you know), you could identify individuals. This is often referred to as ‘jigsaw’ identification.
  • most information used in research is pseudonymised. For truly non-identifiable data, it wouldn’t usually be sufficient to simply remove all real-world identifiers from a research dataset e.g. what we do when we pseudonymise information.
  • sometimes no individuals could ever be identified from a piece of information, or from that information in combination with other pieces of information, for example, most aggregate statistics (this is the sort of data released by NCRAS, for example)
  • but, it is worth noting that even though aggregate statistics are not person-level information, some may contain rare outlying individuals which could lead to identifiability in certain situations.
  • almost no person-level information, rich enough to be useful for research, could be considered inherently anonymous.

The national data opt-out doesn’t apply where data has been anonymised, which is why it has been criticised by some as not truly giving people a chance to fully opt-out. This makes clarification and guidance over what can and what cannot be fully anonymised very important.

Back to e-newsletter