A Qualitative Analysis of Practical De-Identification Guides

De-identifying microdata is necessary yet difficult. Myriad techniques exist, which reduce risk and preserve utility to varying, often unclear extents. We conducted a thematic analysis of 38 online deidentification guides for practitioners, to understand what content they contain and how they are designed to support decision-making and execution. We highlight trends and differences between guides, and we find some concerning patterns, including inconsistent definitions of key terms, gaps in coverage of threats to de-identification, and areas for improvement in usability. We identify directions for future research and suggest changes to de-identification guidance in order to better support practitioners in conducting effective deidentification. CCS Concepts • Security and privacy → Usability in security and privacy; Privacy protections; Data anonymization and sanitization.