Description
a. Remove the following elements of personally identifiable information from datasets: [Assignment: organization-defined elements of personally identifiable information]; and b. Evaluate [Assignment: organization-defined frequency] for effectiveness of de-identification.
Supplemental Guidance
De-identification is the general term for the process of removing the association between a set of identifying data and the data subject. Many de-identification techniques are available, including but not limited to: removing identifiers, reducing the amount of detail included in data, grouping values into ranges, and adding random statistical noise. The appropriateness of the de-identification technique depends upon the context of the data and the purpose for which the data will be used.
Changes from Rev 4
New control in Rev 5.