Let’s start off the week with a controversional question! A Code of Practice released by the UK Information Commissions Office on 20 November adds an interesting slant to the question. The Code of Practice (Anonymisation: Managing Data Protection Risk) reconfirms that the Data Protection Directive – dating back to 1995 – says that the principles of data protection do not apply to data rendered anonymous.
The Good Clinical Practice (GCP) community have typically interpreted clinical trial patient data as not falling within this definition because, although the data is anonymised, there still exists a code list held by the clinical trial investigator which links the patient number with the actual patient identity (the subject identification code list). However, the new Code of Practice clarifies the point that the Data Protection Act does not require anonymisation to be completely risk free or to be 100%. The data protection authority in Hamburg have gone further to state that ‘rendering anonymous’ is defined as “the alteration of personal data so that information concerning personal or material circumstances cannot be attributed to an identified or identifiable natural person or that such attribution would require a disproportionate amount of time, expense and effort‘. It is therefore acknowledged that the absolute impossibility for re-identification in practice cannot always be achieved.
Industry has usually maintained that because there exists a theoretical possibility that somebody may use the subject ID list to link the anonymised data with the original patient records, then the data is to be considered as personal data within the definition of the Data Protection Directive. However, the Code of Practice gives an example where an anonymisation code is actually held by the same organisation who holds the private data and this is to be considered sufficiently anonymised so long as there are security systems in place (policies and procedures) to prevent a link being made. In the GCP scenario, the anonymised data and the code list are held by separate entities (sponsor and investigator) under strict GCP principles and contractual obligations to keep the code secure. The case is therefore stronger!
In fact, to avoid any further ambiguity, the Code of Practice actually uses clinical trial data as one of its case studies in Annex 2. It concludes that the risk of discosure of the key code is sufficiently low to consider the data held by the trial sponsor to be completely anonmysied and therefore not within the restrictions of the Data Protection Directive and Data Protection Act.