ISO IEC 20889-2018 PDF

Name in English:
St ISO IEC 20889-2018

Name in Russian:
St ISO IEC 20889-2018

Description in English:

Original ISO IEC 20889-2018 standard, full version in PDF. Additional information and a preview are available on request.

Description in Russian:
Original ISO IEC 20889-2018 standard, full version in PDF. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso25308

Full title and description

Information technology — Security techniques — Privacy enhancing data de-identification terminology and classification of techniques. This international standard defines terminology and provides a structured classification of data de‑identification techniques used to reduce re‑identification risk and to support privacy‑enhancing data handling in accordance with privacy principles such as those in ISO/IEC 29100.

Abstract

ISO/IEC 20889:2018 describes privacy‑enhancing data de‑identification techniques for use when designing and documenting de‑identification measures. It specifies common terminology, classifies techniques by characteristics and intended applicability, and explains how techniques may reduce the risk of re‑identification. The standard is intended for organizations and practitioners implementing de‑identification for privacy protection.

General information

  • Status: Published (International Standard; confirmed following systematic review).
  • Publication date: 6 November 2018 (Edition 1). Confirmed on 3 May 2024.
  • Publisher: International Organization for Standardization (ISO) — joint ISO/IEC standard, developed under ISO/IEC JTC 1/SC 27.
  • ICS / categories: 35.030 (IT security).
  • Edition / version: Edition 1 (2018).
  • Number of pages: 46.

Scope

This document provides terminology and a classification framework for privacy‑enhancing data de‑identification techniques. It is applicable to the design, specification and description of de‑identification measures implemented by PII controllers and processors across organizations of all sizes and sectors. It focuses on techniques for reducing re‑identification risk rather than on legal/regulatory requirements or operational deployment details.

Key topics and requirements

  • Standardized terminology for de‑identification concepts (identifiers, quasi‑identifiers, re‑identification risk, pseudonymization, anonymization, etc.).
  • Classification of de‑identification techniques by characteristics (e.g., reversible vs. non‑reversible, record‑level vs. attribute‑level, deterministic vs. randomized).
  • Descriptions of common techniques: suppression, generalization, sampling, aggregation, pseudonymization, randomization/noise addition, synthetic data generation, cryptographic approaches.
  • Guidance on applicability of techniques relative to re‑identification risk and data utility trade‑offs.
  • Relationship to privacy principles and other standards (e.g., ISO/IEC 29100 privacy framework) to support consistent implementation.
  • Consideration of attacker models and contextual factors that affect technique selection and effectiveness.
  • Terminology to support communication between privacy engineers, data custodians and auditors.

Typical use and users

ISO/IEC 20889 is aimed at privacy and data protection professionals, data protection officers, privacy engineers, data scientists, IT security teams, legal/compliance staff, vendors of de‑identification tools, and standards bodies. Typical uses include selecting and describing suitable de‑identification techniques, documenting privacy controls, informing risk assessments related to data sharing and analytics, and aligning internal policies with recognized terminology and classifications.

Related standards

Closely related publications include ISO/IEC 29100 (privacy framework), ISO/IEC 27559 (privacy enhancing data de‑identification framework), the ISO/IEC 27000 family (information security management), and other cryptographic and data protection standards referenced by ISO/IEC 20889 (for example, relevant ISO/IEC series on cryptography and secure techniques). National adoptions and identical regional standards may also exist.

Keywords

de‑identification, privacy enhancing technologies (PETs), anonymization, pseudonymization, re‑identification risk, data masking, generalization, suppression, randomization, synthetic data, privacy engineering, ISO/IEC JTC 1/SC 27.

FAQ

Q: What is this standard?

A: ISO/IEC 20889:2018 is an international standard that defines terminology and a classification of techniques for privacy‑enhancing data de‑identification.

Q: What does it cover?

A: It covers definitions, a taxonomy of de‑identification techniques (attribute‑ and record‑level methods, reversible vs non‑reversible approaches, cryptographic options, synthetic data, etc.), and guidance on their applicability for reducing re‑identification risk while considering data utility.

Q: Who typically uses it?

A: Data protection officers, privacy and security engineers, data scientists, IT/security teams, tool vendors, and regulators or auditors who need a common vocabulary and classification for de‑identification measures.

Q: Is it current or superseded?

A: The edition published in November 2018 (Edition 1) is current and was confirmed following review in 2024; it has not been superseded. Users should check for later amendments or newer standards (for example, ISO/IEC 27559 provides a related framework published subsequently).

Q: Is it part of a series?

A: It is part of the ISO/IEC information security and privacy standards developed under JTC 1/SC 27 and aligns with related standards such as ISO/IEC 29100 (privacy framework) and ISO/IEC 27559 (de‑identification framework).

Q: What are the key keywords?

A: De‑identification, anonymization, pseudonymization, re‑identification risk, privacy enhancing technologies, data masking, synthetic data, privacy engineering.