Easily re-identified 'anonymised' data threatens privacy

By on
Easily re-identified 'anonymised' data threatens privacy

Gaussian copula could trip GDPR trap.

Researchers have once again shown that sensitive data, supposedly anonymised so as not to  reveal its subjects, can be re-constituted with relative ease.

Data scientists from London's Imperial College and the Université Catholique de Louvain in Belgium had a crack at estimating the likelihood of a specific person being correctly re-identified in even heavily incomplete, anonymised datasets.

Their Gaussian copula-based method turned out to be very accurate.

"Using our model, we find that 99.98 percent of Americans would be correctly re-identified in any dataset using 15 demographic attributes.

"Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymisation set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model," the researchers wrote in the Nature Communications scientific journal.

That it is possible to re-identify the people in anonymised data sets could lead to legal trouble for companies and organisations that use the information, for commercial purposes or for public good.

The general data protection regulation (GDPR) introduced by the European Union and the recent California consumer privacy act require that each and every person in data sets must be protected for the information to be considered anonymous, the researchers said.

Re-identifiable data sets could fall afoul of strict new privacy laws aimed at protecting individuals from having their sensitive, personal information being used against them.

Researchers have warned that the anynomisation of data sets traded to third parties or made public fall well short of what's required to protect people's privacy for several years.

In 2017, University of Melbourne (UoM) researchers Drs Chris Culnane, Benjamin Rubinstein and Vanessa Teague were able to easily re-identify patients in the Medicare and pharmaceutical benefits schemes in data sets released to the public in 2016.

Individuals can be matched to their records simply by using existing information such as their year of birth and medical procedures.

The UoM researchers were able to match patient records to seven prominent Australians that included three former or current members of parliament and an AFL footballer by using publicly available information online.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
anonymising data security

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Future of work: Support your distributed HR workforce with digital document processes
Future of work: Support your distributed HR workforce with digital document processes
Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights

Events

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling
Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics
NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans
CBA to rebrand its internal IT organisation

CBA to rebrand its internal IT organisation

Log In

Email:
Password:
  |  Forgot your password?