Data about individuals can be a valuable resource. Organizations holding personal information often aggregate or anonymize that data in order to gain valuable information on various trends. From a privacy perspective, that’s perfectly acceptable, as individuals can no longer be identified. Or can they?
The caveat is that is has been known for some time that it is not as easy to anonymize individual data as one might think. Reidentification of individuals by comparing anonymized data to other sources of data has been surprisingly easy in some cases.
Slashdot points to an ars technica article that talks about a paper by a University of Colorado Law School professor entitled Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization . The abstract reads as follows:
Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often ‘reidentify’ or ‘deanonymize’ individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.
So the lesson for any organization that anonymizes personal data is that they must think their anonymization process through very carefully.