AS/NZS ISO/IEC 27559:2024 identically adopts ISO/IEC 27559:2022, which provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview
6 Context assessment
6.1 General
6.2 Threat modelling
6.2.1 General
6.2.2 Security and privacy practices
6.2.3 Motives and capacity to re-identify
6.3 Transparency and impact assessment
6.3.1 General
6.3.2 Transparency of actions and stakeholder engagement
6.3.3 Privacy-related harms
7 Data assessment
7.1 General
7.2 Data features
7.2.1 General
7.2.2 Data principals
7.2.3 Data type
7.2.4 Attribute types
7.2.5 Dataset properties
7.3 Attack modelling
7.3.1 General
7.3.2 Maximum or average risk
7.3.3 Population or sample-based attack
7.3.4 Data privacy models
8 Identifiability assessment and mitigation
8.1 General
8.2 Assessing identifiability
8.2.1 General
8.2.2 Quantifying identifiability
8.2.3 Adversarial testing
8.3 Mitigation
8.3.1 General
8.3.2 Reconfiguring the environment
8.3.3 Transforming the data
8.3.4 Re-evaluation
9 De-identification governance
9.1 General
9.2 Before data are made available
9.2.1 General
9.2.2 Assigning roles and responsibilities
9.2.3 Establishing principles, policies and procedures
