Absent the terms “generally accepted best practices”, the definition has nothing but a goal, which is an incapacity for reidentification.
Our view is that the term “generally accepted best practices” obligates organizations to continuously ensure that anonymization techniques they use are in line with evolving standards. Without the reference to “generally accepted best practices” in the definition, organizations may determine for themselves what is an appropriate technique regardless of whether it meets widely recognized standards or is even a credible technique.
Our view is that, by obligating in the definition organizations to conform to what is the best-in-class approach to anonymization, we've actually got a higher standard than leaving it as solely the goal.