Addressing Anonymization Requirements Under Quebec Regulations and the GDPR

Addressing anonymization requirements with confidence when expectations are evolving and complex requirements have to be met

For organizations operating nationally in Canada, Quebec’s anonymization requirements have added a new layer of complexity to data use for analytics, research and AI. In particular, the Quebec anonymization regulations introduce new concepts to the definition of identifiability in a Canadian context, although they have been part of the expectations under the EU’s General Data Protection Regulation (GDPR). For example, concepts such as “inferences” need to be defined and evaluated in data to demonstrate that they meet the anonymity requirements. In practice, many organizations still struggle to interpret these requirements, apply them consistently and produce the necessary evidence for governance, review and approval.

This webinar will explain what the anonymization requirements mean in practical terms, with a focus on understanding and assessing inference and other privacy risks in anonymized data. Drawing on current regulatory developments and real-world implementation challenges and solutions, we will show how organizations can take a more rigorous and scalable approach. Participants will see how new technologies and standards can help automate these assessments and gives teams a more complete view of privacy exposure, including inference considerations.

You’ll learn:

• About key anonymization requirements and expectations under Quebec’s anonymization regulations and the GDPR, including the concept of inference
• How to understand inference in practical terms and why it has been difficult for organizations to interpret and operationalize
• What a more rigorous, context-based approach to anonymization assessment looks like in practice
• How new technologies can help automate assessment, strengthen documentation and support more defensible data-sharing, analytics and AI decisions

Who this is for:

Leaders and practitioners working in privacy, data governance, legal, compliance, risk, research, analytics, IM/IT and information security across public and private sector organizations. This session will be particularly useful for teams responsible for anonymizing or de-identifying data for secondary purposes, as well as those reviewing, approving or governing data use in environments involving sensitive or regulated data.

Speaker bios:

Dr. Khaled El Emam is Canada’s Research Chair in Medical AI at the University of Ottawa and leads the university’s new medical AI institute. He is a Professor in the School of Epidemiology and Public Health and Director of the Electronic Health Information Laboratory at the CHEO Research Institute. He was recently the Scholar-in-Residence with the Ontario Information and Privacy Commissioner (IPC), where his main mandate was to support the IPC's modernization and expansion of their de-identification guidance. An internationally recognized expert in anonymization, re-identification risk assessment and privacy-preserving data sharing who has founded or co-founded several spin-off companies, he has decades of experience conducting and applying rigorous research to practical solutions used globally.