De-identify the dataset upon collection by not collecting personally identifiable information.
Prohibit archiving of personally identifiable information elements if those elements in a dataset will not be needed after the dataset is archived.
Remove personally identifiable information elements from a dataset prior to its release if those elements in the dataset do not need to be part of the data release.
Remove, mask, encrypt, hash, or replace direct identifiers in a dataset.
Manipulate numerical data, contingency tables, and statistical findings so that no individual or organization is identifiable in the results of the analysis.
Prevent disclosure of personally identifiable information by adding non-deterministic noise to the results of mathematical operations before the results are reported.
Perform de-identification using validated algorithms and software that is validated to implement the algorithms.
Perform a motivated intruder test on the de-identified dataset to determine if the identified data remains or if the de-identified data can be re-identified.
Embed data or capabilities in the following systems or system components to determine if organizational data has been exfiltrated or improperly removed from the organization: [Assignment: organization-defined systems or system components].
Refresh [Assignment: organization-defined information] at [Assignment: organization-defined frequencies] or generate the information on demand and delete the information when no longer needed.
Passcode