What is the difference between anonymization and de-identification in TCPS 2?

• A. Anonymization removes all identifiers making re-identification unlikely; de-identification keeps a code and key that link to identifiers stored securely.
• B. Anonymization preserves identifiers; de-identification removes all identifiers.
• C. They are the same process.
• D. De-identification permanently destroys the identifiers.

Answer: (A)

In TCPS 2, anonymization means removing all identifiers so that individuals cannot be re-identified, and there is no way to link the data back to the person. De-identification means removing or encoding identifiers but keeping a coded link (a code and a separate key) that is stored securely, so re-linkage to identifiers is possible under controlled conditions.

That distinction is why the correct choice describes anonymization as removing all identifiers to make re-identification unlikely, while de-identification keeps a secure link to identifiers. The other options contradict these definitions: anonymization does not preserve identifiers; the two processes are not the same; and de-identification does not inherently destroy the identifiers permanently.