Til Datatilsynet

To start page

Guide

The anonymisation of personal data

Glossary

Aggregated data

 

 

Statistical data about several individuals, which has been combined to show general trends or values without identifying individuals within the data set. Aggregated data is not necessarily anonymous data.

 

Attacker

 

 

A third party (i.e. neither the data controller nor the data processor), who gains access to the original data entries, either intentionally or by accident.

Anonymous data

 

 

Data which it is impossible, using all reasonable technical means, to link back to an individual person.

 

Anonymisation

 

 

The process of rendering data into a form in which it is no longer possible to identify individuals and where the risk of identification does not exist, using all reasonable technical means.

 

Attribute

 

 

In a relational database, an attribute is a property or characteristic belonging to a table (component). For example, in a customer database, there is a table (component) called Customer. Attributes ascribed to this table may include customer no., first name, surname, address, postcode, etc. These attributes will form the headings of the table’s various columns. Values accorded to the attributes might be: 123456, Per, Hansen, Storgata 1, 0123.

 

De-identified

 

Data from which the directly identifying attribute values have been removed and replaced by a unique identifier to conceal the identity of the data subject.

 

Limited access

 

 

The release of data to a limited and narrowly defined group of users, e.g. researchers or an institution.

Data controller

 

 

The organisation or person who determines the purpose for which the personal data are to be processed, and the manner in which this is to be done. The data controller is responsible for ensuring that the data are processed in accordance with the provisions of the Personal Data Act.

Data processor

The organisation or person who processes personal data on behalf of the data controller. The data processor must process the personal data only as specifically agreed with the data controller.

Data set

A data set comprises different entries relating to individual people (the data subjects). Each individual entry is related to a single data subject and is made up of a set of values (e.g. 2013) for each attribute (e.g. Year). A data set is a collection of entries, which can take the form of a table (or a series of tables) or an annotated/weighted graph.

Quasi-identifiers

Combinations of entries relating to a data subject or group of data subjects. In some cases, a data set may contain several entries on the same person.

 

Entry

The contents of a table column (e.g. Per, Hansen, Rødveien 9, etc.). In other words, the values recorded under each attribute heading, in this case: first name, surname, address, etc.

 

Personal data

 

 

A piece of information or an assessment which may be linked to an individual person.

Pseudonymisation

 

 

A process whereby directly identifiable parameters are replaced by unique indicators to conceal the real identities of the data subjects.

 

Publishing

 

The act of making data publicly available, e.g. by uploading them to the internet.

 

Data subject

An individual person about whom information is recorded.

 

Sensitive personal data

 

Information regarding a person’s racial or ethnic origin; political, philosophical or religious views; health issues; sexual relations; membership of a trade union; or that a person has been suspected, charged, indicted or convicted of a criminal offence.