Privacy consultant Bob Gellman has published an article in the Fordham Intellectual Property, Media and Entertainment Law Journal, “The Deidentification Dilemma: A Legislative and Contractual Proposal” (Fordham pdf; archive pdf), which focuses on the problems that can arise from reidentification of data that is described as deidentified. I’ve written about this issue before. Often, data that is believed to have been made anonymous can easily be “de-anonymized,” and sensitive data can then be linked back to the affected individual.
The abstract says: “Deidentification is one method for protecting privacy while permitting other uses of personal information. However, deidentified data is often still capable of being reidentified. The main purpose of this article is to offer a legislative-based contractual solution for the sharing of deidentified personal information while providing protections for privacy. The legislative framework allows a data discloser and a data recipient to enter into a voluntary contract that defines responsibilities and offers remedies to aggrieved individuals.”
From the introduction:
This article begins with the premise that statistical, encryption, or other mathematical approaches to deidentification aimed at protecting privacy fail to provide solutions to address all data types and data sharing activities. These approaches still have value because they provide some degree of privacy protection, but they seldom achieve complete deidentification of data. No matter how many identifiers have been removed or encrypted and no matter how much data has been coded or masked, the remaining data may still be reidentified. Further, the value of data for legitimate uses, such as research, may be significantly reduced when the data is processed without identifiers which were removed to protect privacy. In the absence of a technical solution to reidentification, other approaches are needed.
The solution presented here focuses on controlling reidentification and providing accountability for those who promise not to reidentify information. This article offers a legislative-based contractual solution for the sharing of deidentified personal information while providing protections for privacy. This legislative framework allows a data discloser and a data recipient to enter into a voluntary contract that defines responsibilities and offers remedies to aggrieved individuals.
Additionally, this legislative approach offers (a) common standards, (b) protections for the data subjects which are likely never to appear in private contracts, (c) a framework that can be incorporated by reference in regulations, and (d) a safe harbor provision for some activities of reidentification. The proposed contractual solution can be useful whether personal information is deidentified in support of academic research or other objectives. This proposal is not a universal guarantee of privacy, nor will it work for all data exchanges. It will, however, provide another tool to support the sharing of personal data while addressing the privacy interests of the data subjects.