Data Anonymisation Guideline
1. Introduction
The purpose of this guideline is to indicate which case details and personal data can be anonymised in reports by experts and how to do this. This guideline applies to case details in reports for:
- assessment or reassessment of court experts
- workshops, peer reviews and training sessions for internal and external target groups
It is up to the expert to determine which data should be anonymised and how. This document serves as a guideline to help the expert in this process. See section 4 for exceptions.
2. Principle
Anonymisation refers to data that could lead directly or indirectly to the identification of a natural person, or the knowledge of which could prejudice the integrity of a person or a case. The procedure outlines how to comply with the General Data Protection Regulation (GDPR).
3. Anonymisation
General principle: Any data that directly identifies a natural person must be anonymised.
- Any data that directly identifies a natural person who is not professionally involved in the proceedings must be anonymised (victim, defendant, witnesses, etc.);
- Data that may indirectly identify natural persons must be anonymised, unless the data is important for the assessment of the report (address details, specific locations, date of birth, photos, etc.);
- Data about natural persons who are involved in the proceedings professionally and who are important for the assessment of the report will not be anonymised (experts, commissioning party, co-author of the report, etc.).
You can anonymise data in three different ways:
- Data deletion
If data is not relevant to assess the report, it can be deleted completely. - Black out data
If data is not relevant to assess the report but cannot be deleted immediately, it can be blacked out. E.g. for non-editable photographs/images/text files. Please note that digital blacking out must be done in such a way that it cannot be undone. For example, the expert can use the 'Redact' option in Adobe Acrobat Pro. - Generalise data
If data is relevant to assess the report, it can be generalised. Examples: names of victims and suspects can be generalised to [victim1] and [suspect1] and the name of the Public Prosecutor can be generalised to PP.
The diagram below serves as an example. At their discretion, experts can/may deviate from this. If in doubt, please contact the NRGD. The data below can be anonymised as follows:
| Personal data | Required for assessment | Potential processing | Comment |
| Case number | No | Own reference | For inclusion in List of Case Information |
| Date of report | Yes | n/a | For inclusion in List of Case Information |
| Name of author of report | Yes | n/a | |
| Name of the co-author of the report/supervisor | Yes | n/a | Necessary for searching assessors |
| Other names | No | Deleting or Generalising data | |
| Telephone numbers | No | Delete data | |
| Date of request | Yes | Generalise data | State only the year |
| Reference of requesting party | No | Delete data | |
| Reference of commissioning party | No | Delete data | |
| Name PP/EJ/police | No | Generalise data | PP/EJ |
| Whereabouts defendant/person under investigation | Depends | Generalise data | E.g. Custodial institution/young-offenders institution |
| Locations | Depends | Generalise data | [domicile], [school], [crime scene1], etc. |
|
Seal number identity seal |
No | Delete data | |
| Official report number | Depends | Generalise or delete data | When processing multiple reports in one file |
| Public Prosecutor's Office's number | No | Delete data | |
| Examining judge’s number | No | Delete data | |
|
SIN number |
No | Generalise data | Replace multiple SIN numbers with non-reducible number |
| Name of Defendant (1 to x) | No | Generalise data | Replace by [defendant] of [defendant1], [defendant2] |
| Victim (1 to x) | No | Generalise data | Replace by [victim] or [victim1], [victim2] |
| Witness (1 to x) | No | Generalise data | Replace by [witness] or [witness1], [witness2] |
| Names of family | No | Generalise data | Give mother, father, uncle, aunt etc another name |
| Date of birth | No | Generalise data | Replace by year of birth or age |
| Gender | Depends | Generalise data |
M/F if required, X where possible |
| Place of birth | No | Generalise data | [place of birth] |
| Country of birth | Depends | Generalise data | [country of birth] |
| Ethnic group | Depends | Generalise data | Mention if relevant. E.g. for injury interpretation |
| Date of offence | Depends | Generalise data | For multiple offences [dateOffence1] etc. |
| Time examinations | Yes | ||
| Photos pieces of evidence | Depends | Black out data | Anonymise faces, registration numbers, IP addresses, etc., unless required for assessment of the report |
| DNA profiles | Yes |
4. Principle
Anonymisation refers to data that could lead directly or indirectly to the identification of a natural person, or the knowledge of which could prejudice the integrity of a person or a case. The procedure outlines how to comply with the General Data Protection Regulation (GDPR).
5. Exceptions
Reports from some fields of expertise do not lend themselves well to anonymisation because it does not improve readability or assessment. Legal Psychology is a field of expertise at the NRGD for which anonymising data often does not promote readability. It is therefore up to the expert to assess whether the reports should be anonymised.