12. September 2009 · Comments Off on Protect yourself – Anonymized data really isn’t · Categories: Identity Theft, Privacy · Tags: , ,

Just in case you thought there was any hope of maintaining personal privacy, forget it. In fact you must assume your personal information is exposed and take steps to prevent identity theft.

Ars Technica reported this week that law professor Paul Ohm published a paper describing how easy it is to identify specific individuals from "anonymized" data that is released for research purposes and his recommendations for minimizing this type of abuse.

Ars Technica, quoting from Paul Ohm's paper, described the process a graduate computer science student used in the mid-90's to identify then governor William Weld of Massachusetts from "anonymized" health records released by the Massachusetts Group Insurance Commission.

Data is anonymized by removing "personally identifiable information" like name, address, and Social Security number. The anonymized data is useful for further statistical analysis by a variety of researchers.

The graduate student showed that she could "reidentify" individuals 87% of the time with only three pieces of information – zip code, date of birth, and sex. The key to her process is the availability of voter rolls, which you can buy for a small fee from any town, at least in Massachusetts. These voter rolls provide the name, address, zip code, birth date, and sex of every voter.

Professor Ohm's call for a reexamination of privacy laws and tougher regulation is admirable as this may protect you against disclosure of medical conditions and the like that can be used against you.

However, the biggest threat right now is identity theft. You must assume that your personal information is out there for anyone who wants it. Therefore you must take steps to limit the risk of identity theft. Start by reviewing the offerings of the three credit agencies Equifax, Experian, and TransUnion.