What is the difference between identifiable data and de-identified data?

• A. Identifiable data cannot be linked to a person.
• B. De-identified data remains with all identifiers intact.
• C. Identifiable data can be linked to a person; de-identified data has identifiers removed or coded, reducing re-identification risk.
• D. De-identified data has no privacy advantages.

Answer: (C)

The main idea is how the data can be linked to a person. Identifiable data includes direct identifiers such as a name, contact details, or other unique codes, so the record can be linked to an individual. De-identified data has those identifiers removed or replaced with a code, creating separation between the data and the person and lowering the risk that someone could re-identify the individual. It’s important to note that de-identified data isn’t risk-free: if a separate key to the coding exists or if combined with other information, re-identification can still occur. The option that says identifiable data cannot be linked to a person is incorrect because identifiable data is defined by its link to an individual. The option that says de-identified data remains with all identifiers intact is incorrect because de-identification involves removing or coding identifiers. The option that says de-identified data has no privacy advantages is incorrect because the purpose of de-identification is to reduce re-identification risk and protect privacy.