Thursday, November 29, 2007


A recent Scientific American article (1) describes how even deidentified data can be used to reidentify individuals, specifically when bits of information exist in public databases. The article recounts the work of Lantanya Sweeney, who runs the Data Privacy Laboratory at Carnegie Mellon University. Her research found that reidentifying personal information is simpler than one might have imagined. In one case, a banker cross-referenced information in publicly available hospital discharge records against his client list to determine whether any of his clients had cancer. If they did, he called in their loans. In another case, Sweeney found a way to reidentify patients with Huntington disease even after all information about the patients had been deleted from their records. She combined known sequencing data indicating the presence of the disease with hospital discharge records, which included patients'ages, and succeeded in accurately linking 90% of the Huntington disease patients with DNA records on file.

No comments: