9. A body that anonymizes personal information must record the following information in a register:(1) a description of the personal information that has been anonymized;
(2) the purposes for which the body intends to use anonymized information;
(3) the anonymization techniques used and the protection and security measures established in accordance with section 6; and
(4) the date on which the re-identification risk analysis conducted in accordance with section 7 was completed and, as the case may be, the date on which the update of the analysis conducted in accordance with section 8 was completed.