Data about individuals is very valuable. It can be used to discern trends, popular thought, individual buying habits, and customer behaviour, to do medical research, and for many other things. But it is important that the collectors and users of that data use it in a privacy-friendly manner.
One of the NSA’s deflections is that it doesn’t record conversations, just metadata about phone calls and other communication. Metadata means information about information, and can be just as personal and invasive as the data itself.
The Ontario Privacy Commissioner, Ann Cavoukian, recently published a paper entitled A Primer on Metadata: Separating Fact from Fiction that uses the NSA revelations to discuss why metadata is a threat to privacy – that privacy is about control, not secrecy – and that we don’t have to give up privacy for security.
Related to this issue is that of de-identification and re-identification. The metadata issue tells us that we can’t just scrub names off a list and call it de-identified or anonymous. It can be very easy to re-identify people based on other information in that data, or by combining it with other data. So if we want to have a database of anonymous or aggregate data, it is important to consider how to best accomplish that.
As the Ontario Privacy Commissioner points out in a paper entitled Looking Forward: De-identification Developments – New Tools, New Challenges, de-identification can be done in ways that make re-identification difficult, despite musings by some to the contrary.