That's one thing that generally accepted best practices do. They require organizations to ensure their information is anonymized in accordance with generally accepted best practices. Those practices evolve. For example, ISO has a standard on anonymization, and that standard may evolve.
If you're no longer compliant with those generally accepted standards, your information is no longer anonymized pursuant to the act. It becomes identifiable, and, therefore, becomes personal information.