Tag:re-identified data

1
You can be anonymised, but you can’t hide
2
The co-existence of open data and privacy in a digital world

You can be anonymised, but you can’t hide

Aug 07 2019
Browse archives for August 07, 2019
Posted in

Legal & Regulatory Risk, Privacy, Data Protection & Information Management

Tagged with , , , , , ,
Share

By Cameron Abbott, Michelle Aggromito and Karla Hodgson

If you think there is safety in numbers when it comes to the privacy of your personal information, think again. A recent study in Nature Communications found that, given a large enough dataset, anonymised personal information is only an algorithm away from being re-identified.

Anonymised data refers to data that has been stripped of any identifiable information, such as a name or email address. Under many privacy laws, anonymising data allows organisations and public bodies to use and share information without infringing an individual’s privacy, or having to obtain necessary authorisations or consents to do so.

But what happens when that anonymised data is combined with other data sets?

Read More

The co-existence of open data and privacy in a digital world

Dec 22 2017
Browse archives for December 22, 2017
Posted in

Breaches, Legal & Regulatory Risk, Managing Threats & Attacks, Privacy, Data Protection & Information Management

Tagged with , , , , , , , , , , , , ,
Share

By Cameron Abbott, Keely O’Dowd and Giles Whittaker

Earlier this week researchers from the University of Melbourne released a report on the successful re-identification of Australian patient medical data that formed part of a de-identified open dataset.

In September 2016, the researchers were able to re-identify the longitudinal medical billing records of 10% of Australians, which equates to about 2.9 million people. The report outlines the techniques the researches used to re-identify the data and the ease at which this can be done with the right know-how and skill set (ie someone with an undergraduate computing degree could re-identify the data).

At first glance, the report exposes the poor handling of the dataset by the Department of Health. Which brings into focus the need for adequate contractual obligations regarding use and handling of personal information, and the need to ensure adequate liability protections are addressed even where the party’s intentions are for all personal information to be de-identified. The commercial risk with de-identified data has shown to be the equivalent of a dormant volcano.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.