Protecting Data Innovation and Privacy

Contact:
William Dube
[email protected]
202-626-5744

WASHINGTON (June 16, 2014) - Properly applied, de-identification of data is an effective tool to protect privacy, while allowing for the analysis and use of information to improve numerous aspects of society. Unfortunately, a number of advocates have taken to perpetuating the myth that individual identities cannot be completely stripped out of datasets and have argued that this is reason enough to slow development and use of data analytics. The perpetuation of this myth has the potential to adversely impact the continued evolution of the data economy while also inhibiting efforts to improve health care, public safety and community development.

In order to address the misconceptions surrounding de-identification, Information Technology and Innovation Foundation (ITIF) Senior Analyst Daniel Castro and Ontario Information and Privacy Commissioner (IPC) Ann Cavoukian have jointly released a new white paper, Big Data and Innovation - Setting the Record Straight: De-Identification Does Work.

It examines a select group of articles that are often referenced in support of the myth that de-identified datasets are at risk of re-identifying individuals through linkages with other available data. It examines the ways in which the academic research referenced has been misconstrued and finds that the primary reason for the popularity of these misconceptions is not factual inaccuracies or errors within the literature, but rather a tendency on the part of commentators to exaggerate the risk of re-identification. While the research does raise important issues concerning the use of proper de-identification techniques, it does not suggest that de-identification should be abandoned.

"Data innovation is transforming numerous aspects of society from health care to education, and privacy concerns need to be balanced with the public benefits the enhanced use of data provides," notes Castro, who is also director of the Center for Data Innovation an affiliate of ITIF. "De-identification is a useful tool for maintaining this balance and it is my hope this report will address unnecessary fears and help expand and improve the use of these techniques moving forward."

The co-authors also argue that the discovery of a new technique for re-identifying data should not be seen as an indictment of the utility of creating anonymized datasets. Instead, it should be used as an opportunity to improve de-identification techniques through continuous testing and research. Indeed, this type of back and forth between discovering new risks, followed by developing and deploying countermeasures to mitigate those risks, is the bedrock of the scientific process underlying much of computer security.

"We must remain vigilant in reversing the perception that de-identification is an ineffective tool to protect privacy, we cannot allow it to become a self-fulfilling prophecy," says Cavoukian. "Strong de-identification remains an essential tool to protecting privacy and allowing innovative research to flourish. This serves as yet another example of how privacy enables innovation."

Read the report.