Society trusts data privacy practitioners to make decisions about which fields of personal income, medical, or educational information can be shared publicly in accordance with laws and standards. How good are the decisions they make? They don’t have to publish the protocols they use, and they often prohibit others from telling them about vulnerabilities found in the data. So, in the silence, these practitioners circularly assert that there are no problems. We had a unique opportunity in a legal setting to examine the real-world decision-making of a team of accomplished data privacy experts and to test the quality and accuracy of the decisions they make. The litigation, Richard Sander et al. v. State Bar of California et al., was over whether the release of requested data was required by California law [1]. During the lawsuit, an expert team of data privacy practitioners proposed four “best practice” protocols that they asserted were sufficient to protect the privacy of individuals whose information was in the data. All four protocols claimed to leverage approaches widely used today in government, corporate, and research practice. This paper presents their protocols and shows, based on analysis that was made public during the trial, the vulnerabilities each protocol had to re-identification – the ability to associate real names with “anonymized” data records.
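The abstract's central claim is that stripping names does not by itself prevent re-identification, because the remaining attributes can still single out individuals when matched against an outside source. The pre-release check below is an added example, not code from the paper or from the litigation; it illustrates the standard defensive measure (counting how many records share each combination of quasi-identifiers, i.e. the k-anonymity level) on a constructed table with placeholder field names such as `school`, `grad_year` and `ethnicity`. It is not a description of the four protocols in the case.

```python
"""Added example (not from the paper): a pre-release k-anonymity check.

Before publishing an "anonymized" table, a practitioner can measure how many
records share each combination of quasi-identifiers, meaning attributes that
might also appear in a public source such as a roster or directory. A record
that is unique on those attributes is linkable to one person if such a source
exists, whether or not the name column was removed. The field names and rows
below are constructed placeholders, not the litigation data.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed sample: names already stripped, as a naive protocol would do.
SAMPLE_RECORDS: List[Dict[str, object]] = [
    {"school": "Law School A", "grad_year": 2004, "ethnicity": "Group 1", "bar_passed": True},
    {"school": "Law School A", "grad_year": 2004, "ethnicity": "Group 1", "bar_passed": False},
    {"school": "Law School A", "grad_year": 2004, "ethnicity": "Group 2", "bar_passed": True},
    {"school": "Law School B", "grad_year": 2005, "ethnicity": "Group 1", "bar_passed": True},
    {"school": "Law School B", "grad_year": 2005, "ethnicity": "Group 1", "bar_passed": True},
    {"school": "Law School B", "grad_year": 2005, "ethnicity": "Group 3", "bar_passed": False},
]


def _key(record: Dict[str, object], quasi_identifiers: Sequence[str]) -> Tuple[object, ...]:
    """The quasi-identifier combination for one record."""
    return tuple(record[q] for q in quasi_identifiers)


def equivalence_classes(records: List[Dict[str, object]],
                        quasi_identifiers: Sequence[str]) -> Counter:
    """Count how many records share each quasi-identifier combination."""
    return Counter(_key(r, quasi_identifiers) for r in records)


def min_k(records: List[Dict[str, object]], quasi_identifiers: Sequence[str]) -> int:
    """k-anonymity level of the table: size of the smallest equivalence class."""
    classes = equivalence_classes(records, quasi_identifiers)
    return min(classes.values()) if classes else 0


def unique_records(records: List[Dict[str, object]],
                   quasi_identifiers: Sequence[str]) -> List[Dict[str, object]]:
    """Records whose quasi-identifier combination occurs exactly once (k = 1)."""
    classes = equivalence_classes(records, quasi_identifiers)
    return [r for r in records if classes[_key(r, quasi_identifiers)] == 1]


def release_check(records: List[Dict[str, object]], quasi_identifiers: Sequence[str],
                  required_k: int = 5) -> Tuple[bool, int, int]:
    """Gate a release on a minimum k. Returns (ok, achieved_k, number_of_unique_records)."""
    k = min_k(records, quasi_identifiers)
    return k >= required_k, k, len(unique_records(records, quasi_identifiers))


if __name__ == "__main__":
    # Treat school, graduation year and ethnicity as attributes that could be
    # matched against an outside source; the release fails because two rows are unique.
    qi_full = ["school", "grad_year", "ethnicity"]
    print("full quasi-identifiers:", release_check(SAMPLE_RECORDS, qi_full, required_k=3))
    # Dropping or coarsening an attribute enlarges the equivalence classes.
    qi_coarse = ["school", "grad_year"]
    print("coarsened:", release_check(SAMPLE_RECORDS, qi_coarse, required_k=3))
```

The choice of `required_k` and, more importantly, of which columns count as quasi-identifiers is a judgement about what outside sources exist; the check only measures the table against that assumption, which is exactly the assumption the abstract says the practitioners got wrong.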


Sweeney, Latanya, Michael von Loewenfeldt, and Melissa Perry. "Saying it’s Anonymous Doesn't Make It So: Re-identifications of “anonymized” law school data." Technology Science (November 2018).