There is some risk of disclosing identities of individuals (or entities) and their sensitive data that exists in every data file released. A privacy policy should describe a process that considers whether the release of the data file followed reasonable procedures and a process that applies appropriate data use restrictions and access controls. At the very least, the risk of re-identification should be minimized after considering the possible approaches to re-identify persons using existing technology and public or commercially available information.
展开▼