---
title_en: "Information Security Technology — Guide for Evaluation of Personal Information De-identification Effect (GB/T 42460-2023)"
title_zh: "信息安全技术 个人信息去标识化效果评估指南 (GB/T 42460-2023)"
abbreviation: "GB/T 42460"
hierarchy: "standard"
issuing_body: "Standardization Administration of China; National Information Security Standardization Technical Committee (TC260)"
effective_date: 2023-12-01
status: "effective"
related_laws: ["pipl"]
domains: ["personal-information"]
url: https://datacompliancechina.com/laws/gbt-42460-deidentification-evaluation-guide/
summary: "GB/T 42460-2023 is the recommended national standard for evaluating whether a personal-information de-identification process has actually worked. It sets out the goals, principles, evaluation framework and methods for judging re-identification risk in de-identified datasets — covering identifiers, the choice of de-identification models, and how to test residual risk. It complements GB/T 37964 (the de-identification guide) by providing the effectiveness-evaluation half, and supports PIPL's treatment of de-identification and anonymization."
---

> **Source: Data Compliance China** — https://datacompliancechina.com/laws/gbt-42460-deidentification-evaluation-guide/ · English rendering and annotations by DCC; the Chinese original governs. Cite as: Data Compliance China, "Information Security Technology — Guide for Evaluation of Personal Information De-identification Effect (GB/T 42460-2023)", https://datacompliancechina.com/laws/gbt-42460-deidentification-evaluation-guide/
> *DCC summary, not a translation.* GB/T 42460-2023 is a copyrighted national standard. The structured summary below is DCC's own paraphrase of the standard's framework, for overseas compliance teams.

## Scope

GB/T 42460-2023 provides **the goals, principles, framework and methods for evaluating the effectiveness of personal-information de-identification (去标识化)** — that is, for judging whether a dataset that has been put through a de-identification process carries an acceptably low risk of re-identification. It applies to organizations evaluating the de-identification of their own datasets, and serves as a reference for assessors and regulators reviewing de-identification work.

It is a **recommended** standard. It is the natural companion to **GB/T 37964** (the *Guide for De-identification of Personal Information*): where GB/T 37964 explains *how to perform* de-identification, GB/T 42460 explains *how to test whether it succeeded*.

## Key contents

The standard frames de-identification effectiveness in terms of re-identification risk and walks through how to evaluate it.

**Concepts and goals.** It works from the PIPL/standards definitions of **de-identification** (processing so that personal information cannot identify a specific natural person without additional information) and **anonymization** (processing so that the subject cannot be re-identified and the data cannot be restored), and frames the evaluation goal as confirming that residual re-identification risk is controlled to an acceptable level given the data-use scenario.

**Evaluation principles.** Effectiveness is assessed relative to the **release/sharing scenario** and the resources a realistic attacker could bring to bear; the evaluation must consider both direct identifiers and quasi-identifiers, and the possibility of linkage with external datasets.

**Identifiers and attributes.** Guidance on distinguishing direct identifiers, quasi-identifiers and other attributes, since the re-identification risk turns largely on quasi-identifier combinations.

**Evaluation framework and methods.** An evaluation process and a set of methods/metrics for testing residual risk — addressing re-identification attack models (singling-out, linkage and inference), the de-identification models applied (such as generalization, suppression, pseudonymization and aggregation), and how to judge whether the chosen technique and parameters achieve the target risk level for the intended disclosure context.

**Reporting.** Guidance on documenting the evaluation and its conclusion.

The annexes provide reference material on attack models, risk metrics and worked considerations.

## How it fits the regime

De-identification and anonymization are load-bearing concepts in **PIPL**. PIPL defines both terms (Article 73); **anonymized** information falls outside the definition of "personal information" (Article 4) and so outside the law's scope, whereas **de-identified** information is still personal information and remains regulated. The practical question — *has a dataset been de-identified or anonymized well enough?* — is exactly what GB/T 42460 helps answer.

For overseas compliance teams, the standard matters whenever a Chinese operation relies on de-identification to reduce risk (for analytics, sharing, secondary use, or to argue data has been anonymized out of PIPL's scope). It supplies the test method to back that reliance, and it pairs with GB/T 37964 (de-identification technique), GB/T 35273 (which calls for de-identified/encrypted storage of sensitive data) and the impact-assessment standard. It does **not** lower any statutory threshold — it is the evidentiary method for showing a de-identification claim holds up.
