That's right. Essentially, it ensures that, as opposed to having a potential for a reidentification test that ultimately results in a breach, it is then revealed by the Privacy Commissioner to not have met the standard.
Instead, there are two elements. There's a non-reidentification, and the commitment to the use of generally acceptable best practices. This means you're continuing to ensure you're actually drawing on the techniques that are most modern.