SynD Framework logoSynthetic Health Data Governance Framework (SHDGF)
Home
ResourcesAbout SynD
1
Use Case
2
Source Data
3
Generate
4
Re-ID Risk
5
Safety
6
Final

Step 4 - Assess and Manage Re-identification Risk

Evaluate the residual risk of re-identification in the synthetic dataset using quantitative and qualitative assessment methods. Proceed only if risk is very low.

DPDSDRGC

Governance Intent

Ensure synthetic data satisfies 'very low risk' before release.

Decisions

What is the residual re-identification risk level?

Is data utility still acceptable after mitigation?

Why This Step

Ensure the synthetic dataset meets the ‘very low risk’ threshold for re-identification before release.

Prerequisites

  • Completed Step 3 (synthetic data generated)
  • Access to re-identification metrics tools
  • Understanding of risk thresholds

Time Estimate

60-120 minutes

Risk threshold critical
Only proceed if residual risk is ‘very low’. High risk requires PIA and GC approval.

Re-identification Risk Assessment

Complete all assessments to verify ‘very low’ risk status.

Required Evidence

  • Re-ID metrics (Appx 7)
  • Utility report
  • GC review record (Appx 9)

Step completion requirements

0 / 5 complete

Finish these before marking the step complete:

  • Apply re-identification risk metrics suitable for synthetic data.
  • Compare synthetic and real datasets for similarity and potential linkage.
  • Review results against the 'very low' threshold as defined in the Framework.
  • If risk exceeds threshold, adjust synthesis parameters and retest.
  • Document outcomes and sign-off by the responsible governance body.

Resources

  • Re-identification Metrics (Appendix 7)
  • Lawful Pathways (Appendix 9)
  • Five Safes Framework (Appendix 10)
Previous StepOverviewNext Step