ISO/IEC 27559:2022
Information security, cybersecurity and privacy protection – Privacy enhancing data de-identification framework
This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf, implementing data de-identification processes for privacy enhancing purposes.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$256.00 NZD
|
|
| HardCopy |
$303.00 NZD
|
|
| Networkable PDF |
Price varies
|
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview
6 Context assessment
6.1 General
6.2 Threat modelling
6.2.1 General
6.2.2 Security and privacy practices
6.2.3 Motives and capacity to re-identify
6.3 Transparency and impact assessment
6.3.1 General
6.3.2 Transparency of actions and stakeholder engagement
6.3.3 Privacy-related harms
7 Data assessment
7.1 General
7.2 Data features
7.2.1 General
7.2.2 Data principals
7.2.3 Data type
7.2.4 Attribute types
7.2.5 Dataset properties
7.3 Attack modelling
7.3.1 General
7.3.2 Maximum or average risk
7.3.3 Population or sample-based attack
7.3.4 Data privacy models
8 Identifiability assessment and mitigation
8.1 General
8.2 Assessing identifiability
8.2.1 General
8.2.2 Quantifying identifiability
8.2.3 Adversarial testing
8.3 Mitigation
8.3.1 General
8.3.2 Reconfiguring the environment
8.3.3 Transforming the data
8.3.4 Re-evaluation
9 De-identification governance
9.1 General
9.2 Before data are made available
9.2.1 General
9.2.2 Assigning roles and responsibilities
9.2.3 Establishing principles, policies and procedures
9.2.4 Identifying and managing a data disclosure
9.2.5 Communicating with stakeholders
9.3 After data are made available
9.3.1 General
9.3.2 Monitoring the data environment
9.4 Mitigation in case of incident
Annex A (informative) Example identifiers
Annex B (informative) Example threshold identifiability benchmarks
Bibliography
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27001:2023 A1
Information security, cybersecurity and privacy protection - Privacy enhancing data de-identification framework
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27011:2025
Information security, cybersecurity and privacy protection – Information security controls based on ISO/IEC 27002 for telecommunications organizations
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview
6 Context assessment
6.1 General
6.2 Threat modelling
6.2.1 General
6.2.2 Security and privacy practices
6.2.3 Motives and capacity to re-identify
6.3 Transparency and impact assessment
6.3.1 General
6.3.2 Transparency of actions and stakeholder engagement
6.3.3 Privacy-related harms
7 Data assessment
7.1 General
7.2 Data features
7.2.1 General
7.2.2 Data principals
7.2.3 Data type
7.2.4 Attribute types
7.2.5 Dataset properties
7.3 Attack modelling
7.3.1 General
7.3.2 Maximum or average risk
7.3.3 Population or sample-based attack
7.3.4 Data privacy models
8 Identifiability assessment and mitigation
8.1 General
8.2 Assessing identifiability
8.2.1 General
8.2.2 Quantifying identifiability
8.2.3 Adversarial testing
8.3 Mitigation
8.3.1 General
8.3.2 Reconfiguring the environment
8.3.3 Transforming the data
8.3.4 Re-evaluation
9 De-identification governance
9.1 General
9.2 Before data are made available
9.2.1 General
9.2.2 Assigning roles and responsibilities
9.2.3 Establishing principles, policies and procedures
9.2.4 Identifying and managing a data disclosure
9.2.5 Communicating with stakeholders
9.3 After data are made available
9.3.1 General
9.3.2 Monitoring the data environment
9.4 Mitigation in case of incident
Annex A (informative) Example identifiers
Annex B (informative) Example threshold identifiability benchmarks
Bibliography