Friday, December 02, 2016

This Topic Seems To Still Have A Way To Run. We Need To Keep A Watching Brief.

This appeared last week:

Personal data de-identification practically impossible: expert

The Australian government may well have to reconsider its plan to release data about its citizens for use by businesses or scientists, with a top expert in security and privacy engineering telling iTWire that de-identification of datasets so that they cannot be traced back to the original is very hard, to the point of being practically impossible.
George Danezis, professor of security and privacy engineering at University College, London, offered the response after being asked about de-identification of datasets in connection with the leak of personally identifiable details in health data that was released by the government.
Researchers at Melbourne University were able to trace back the data and after the government was made aware of this, the released dataset was taken offline.
iTWire initially asked Mustafa al-Bassam, a former member of Anonymous, and now a security researcher and doctoral scholar, for an opinion. Bassam directed the queries to Prof Danezis.
"In general it is very hard, to the point of being practically impossible, to take a rich dataset of patient or other records, and produce an 'anonymised' dataset that could be used instead of the first, to mine any information," Prof Danezis said/
"The key reason for this is that all information remaining about the record could be used as an identifier - even the most mundane one. If someone for example knows that you went to the doctor on three dates, they can use that information to re-identify your record if that — non-sensitive information — is still available.
Lots more here:
As I read this what is being said is the more useful information is likely to be, the higher the risk it can be abused. That rather makes sense!

No comments: