For years, companies and institutions have been using “anonymization” or “deidentification” techniques and processes to release data concerning individuals, saying that the techniques will protect personal privacy and preclude the sensitive information from being linked back to an individual. Yet we have seen time and again that these processes haven’t worked.
For almost two decades, researchers have told us that anonymization of private information has significant problems, and individuals can be re-identified and have their privacy breached. (I wrote a blog post last year detailing some of the research concerning re-identificaiton of anonymized data sets.)
Recently, Australian Attorney General George Brandis announced that he would seek to amend the country’s Privacy Act to “create a new criminal offence of re-identifying de-identified government data. It will also be an offence to counsel, procure, facilitate, or encourage anyone to do this, and to publish or communicate any re-identified dataset.”
According to the Guardian, the “impetus” for this announcement was a recent privacy problem with deidentified Medicare data, a problem uncovered by researchers. “A copy of an article published by the researchers outlines how every single Medicare data code was able to be reidentified by linking the dataset with other available information,” the Guardian reported.
In his announcement Brandis noted, “With advances of technology, methods that were sufficient to de-identify data in the past may become susceptible to re-identification in the future.”
This statement sums up why reidentification of data should not be criminalized, especially with the broad wording of Brandis’s announcement. Yes, the technology to reidentify data will only get better. Therefore, government agencies, companies and other institutions that seek to use sensitive personal information should focus on improving their anonymization techniques so that essential research can continue. And it is important for researchers to raise alarms when deidentification processes fail, so that the security measures can be improved and individual privacy can be protected.
Criminalizing redientification, including the white-hat researchers seeking stronger security, does not protect the sensitive personal data of individuals. Perhaps if the criminal offense were limited to those reidentifying data in order to cause harm, that would be of use, but to say all reidentification research is criminal is to misunderstand the privacy problem.