ISO/IEC CD 10267

Information technology — Data usage — Methods to quantify the amount of personal information in a dataset

Апстракт

The purpose of this document is to provide guidance on the methods to quantify the amount of personal information and to help estimate how easy it might be to reidentify someone in a dataset subjected to de-identification when it contains information about the characteristics of, actions of, or relationships to, natural persons. This guidance can further help organisations make better decisions for privacy protection and for appropriate use, sharing and exchange of such data.
This document is a high level, principles-based advisory standard which sets out terms and concepts that can be referenced by organizations.
This document does not provide an estimate of how easy it is to identify someone where additional external data is accessible, nor does it provide a way to define whether data is PII or not.