Thank you, Adam.
I want to use my time today to highlight the practical importance of CANON's proposals to the definition of “anonymize”.
My comments today are based on my experience with anonymization over the last two decades, both in the context of research and applications and of practice. A core focus of my work has been on the anonymization of health data such that it can be used and disclosed for research purposes, which includes developing new treatments and devices to help patients.
In my view, the CPPA's current definition of “anonymize” most often will not work well in practice when interpreted literally. It risks setting an unachievable standard that in practice is not necessary for good privacy protection. The text needs to reflect the reality that the outcome of anonymization is not absolute. It is well established among anonymization and data de-identification experts that data anonymization is a process of risk management. This is a foundational element of the recently published ISO international standard for data de-identification. Good contemporary practices, when implemented properly, can ensure that the re-identification risk is very small. Very small re-identification risk can be precisely defined and has been precisely defined by organizations such as Health Canada.
Effective re-identification risk management involves using techniques and technology to modify data as well as the implementation of appropriate administrative and technical controls. The combination of modified data that has been wrapped with appropriate administrative and technical controls ensures that the re-identification risk can be made very small.
This concept of risk management will not ensure that the re-identification risk is zero or that anonymized data is absolutely irreversible. That is not a practical standard that can be met. This is why it's important to amend the current definition of the term “anonymize”, which currently implies zero risk.
Our proposal supports the important and necessary requirement currently within the CPPA's definition that generally accepted best practices are followed during the process of anonymization, but the CANON proposal adds the concept of reasonably foreseeable risk and the circumstances so that the definition is actually workable in practice.
Based on my years of developing and implementing anonymization methods and technology, on behalf of CANON I think the implementation of CANON's proposals will enable a more responsible use and disclosure of data compared to the current definition.
We thank you in advance for your consideration. We would be pleased to answer any questions you may have.