Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization

Privacy and Security, Networks, the Internet, and Cloud Computing and Internet

Article Snapshot

Author(s)

Paul Ohm

Source

University of Colorado Law Legal Studies Research Paper No. 09-12, 2009

Summary

This article suggests that anonymization is an insufficient form of privacy protection and recommends improvements.

Policy Relevance

In order to protect privacy in a post-anonymization world, regulations governing the sharing of data must be reworked to prevent reidentification, that is, the re-linking of consumers to their supposedly anonymized information.

Main Points

  • Anonymization is the process of removing identifying information from corporate databases containing consumer information.
     
  • During the anonymization process, names and any other identifiers, such as identification numbers, account numbers, or next of kin, are removed from the database so that the rest of the information can then be shared.
     
  • Recently, a process called reidentification has been used to reconnect anonymized data with the individuals it describes. This advance seriously undermines current privacy systems that allow sharing based on anonymization.
     
  • Legislatures have historically allowed the release of anonymized data because it balances the opposing interests of privacy and useful access to information. However, now that anonymized data can be reconnected with its owners, it is necessary to reevaluate the balance in order to protect consumer privacy.
     
  • In order to better balance the opposing interests of privacy and information usefulness, regulators should take two steps:

    • Use new technology to make reidentification more difficult, such as not releasing raw data, or tracking who possesses and uses that data.
       
    • Ban or limit sharing of databases with sensitive or easily reidentifiable data.
       
  • Under the new regulatory scheme, a five-factor test could be used to analyze the potential risk of privacy harm:

    • How the data-handling techniques used affect the risk of reidentification.
       
    • Whether the information is released privately or publicly.
       
    • The quantity of information released.
       
    • The motive for releasing the information.
       
    • The amount of trust to be placed in the possessors of the information.
       
  • Examples of areas that require strong regulation include health information and internet usage information.
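The first three main points above (identifiers removed, quasi-identifiers left behind, records re-linked) can be made concrete with a small added example; it is not code from Ohm's paper or from this site. It measures how many records in a constructed "anonymized" health table still link to exactly one named record in a constructed public list sharing the same ZIP code, birth year and sex, and then shows how generalizing those fields (a standard k-anonymity step, which the paper's "not releasing raw data" recommendation covers) removes the unique matches. All records, field names and helper names are assumptions for the demonstration.

```python
"""Added example: reidentification risk check before releasing a de-identified
table. Records below are constructed sample data, not real individuals."""
from collections import Counter

# "Anonymized" release: names stripped, but ZIP, birth year and sex remain.
# These three fields are quasi-identifiers: not names, yet jointly distinctive.
RELEASE = [
    {"zip": "80302", "birth_year": 1971, "sex": "F", "diagnosis": "asthma"},
    {"zip": "80302", "birth_year": 1985, "sex": "M", "diagnosis": "flu"},
    {"zip": "80305", "birth_year": 1971, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "80305", "birth_year": 1985, "sex": "M", "diagnosis": "migraine"},
    {"zip": "80309", "birth_year": 1978, "sex": "F", "diagnosis": "flu"},
]

# Constructed public list (think of a voter roll) carrying the same fields.
PUBLIC = [
    {"name": "Alice", "zip": "80302", "birth_year": 1971, "sex": "F"},
    {"name": "Bob",   "zip": "80302", "birth_year": 1985, "sex": "M"},
    {"name": "Carol", "zip": "80305", "birth_year": 1971, "sex": "F"},
    {"name": "Dan",   "zip": "80305", "birth_year": 1985, "sex": "M"},
    {"name": "Eve",   "zip": "80309", "birth_year": 1978, "sex": "F"},
]

QUASI = ("zip", "birth_year", "sex")


def key(rec):
    """The quasi-identifier tuple a linker would join on."""
    return tuple(rec[f] for f in QUASI)


def min_k(records):
    """Size of the smallest group sharing one quasi-identifier tuple.
    A value of 1 means some record is unique in the release (k-anonymity k=1)."""
    return min(Counter(key(r) for r in records).values())


def reidentifiable(release, public):
    """Count released records whose quasi-identifiers are unique in the release
    AND match exactly one named public record: those can be given a name."""
    in_release = Counter(key(r) for r in release)
    in_public = Counter(key(p) for p in public)
    return sum(1 for r in release
               if in_release[key(r)] == 1 and in_public[key(r)] == 1)


def generalize(rec):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix, 10-year birth band."""
    out = dict(rec)
    out["zip"] = rec["zip"][:3] + "**"
    out["birth_year"] = rec["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    print("raw release: k =", min_k(RELEASE),
          "reidentifiable =", reidentifiable(RELEASE, PUBLIC))
    gen = [generalize(r) for r in RELEASE]
    # A linker can coarsen the public list the same way, so compare like with like.
    print("generalized: k =", min_k(gen),
          "reidentifiable =", reidentifiable(gen, [generalize(p) for p in PUBLIC]))
```

Run as-is: every raw record is unique and links to one name (5 of 5), while the generalized release has no unique quasi-identifier tuple and links to no one; the cost is that the released ZIP and birth year are now coarser, which is the privacy-versus-usefulness trade-off the article's five-factor test is meant to weigh.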
