One key method for ensuring privacy while processing large amounts of data is de-identification.
De-identified data is data from which a link to a particular individual cannot be established. This usually means “scrubbing” the identifiable elements out of personal data so that it is “safe” in privacy terms while retaining as much of its commercial and scientific value as possible.
In legal terms, the criteria for de-identified data remain vague. The Health Insurance Portability and Accountability Act treats health information as de-identified if it “does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.” In its recent report, the FTC offered recommendations for assessing whether data should be considered identifiable. Even so, no agreed best practices have emerged, and industry practices vary widely.
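The point that “scrubbing” names is not the same as breaking the link to a person is easy to see in code. The following is an added worked example, not FPF's code and not a method endorsed by the page: it removes direct identifiers from a constructed set of records, then measures how many records share each combination of remaining quasi-identifiers (k-anonymity). The field names, the sample records, and the particular coarsening rules (zip code to a three-digit prefix, date of birth to a year) are this example's own assumptions.

```python
"""Added example: scrubbing direct identifiers versus generalizing
quasi-identifiers, measured with k-anonymity. Not FPF's code."""
from collections import Counter

# Constructed sample records; every name, SSN and value is fictitious.
RECORDS = [
    {"name": "Ann Lee",  "ssn": "111-11-1111", "zip": "02139", "dob": "1984-03-12", "sex": "F", "dx": "asthma"},
    {"name": "Bo Chen",  "ssn": "222-22-2222", "zip": "02139", "dob": "1984-07-30", "sex": "F", "dx": "flu"},
    {"name": "Cy Diaz",  "ssn": "333-33-3333", "zip": "02134", "dob": "1979-01-02", "sex": "M", "dx": "flu"},
    {"name": "Di Evans", "ssn": "444-44-4444", "zip": "02138", "dob": "1979-11-20", "sex": "M", "dx": "asthma"},
]

# Fields that identify a person on their own (assumed list for this example).
DIRECT_IDENTIFIERS = ("name", "ssn")
# Fields that do not identify anyone alone but can be joined against an
# external dataset (voter roll, public profile) to re-identify a record.
QUASI_IDENTIFIERS = ("zip", "dob", "sex")


def scrub_direct_identifiers(records):
    """Drop the direct identifiers; keep every other field unchanged."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
            for r in records]


def generalize(record):
    """Coarsen quasi-identifiers so several people share each value.
    zip -> first three digits, dob -> birth year (example's own choices)."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["dob"] = record["dob"][:4]
    return out


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Smallest number of records sharing one quasi-identifier tuple.
    k == 1 means at least one record is unique on those fields and can be
    linked back to a person by anyone holding the same fields elsewhere."""
    counts = Counter(tuple(r[q] for q in quasi) for r in records)
    return min(counts.values())


def release(records, k_min):
    """Scrub, generalize, and refuse to release unless every record is
    hidden among at least k_min others on the quasi-identifiers."""
    candidate = [generalize(r) for r in scrub_direct_identifiers(records)]
    k = k_anonymity(candidate)
    if k < k_min:
        raise ValueError(f"release blocked: k={k} < required {k_min}")
    return candidate


if __name__ == "__main__":
    scrubbed = scrub_direct_identifiers(RECORDS)
    print("after scrubbing names/SSN only: k =", k_anonymity(scrubbed))
    print("after generalizing zip/dob:     k =", k_anonymity(release(RECORDS, 2)))
```

On these four records, removing the name and SSN leaves every row unique on zip, date of birth and sex (k = 1), so the "scrubbed" data is still linkable to a person; only after coarsening those fields do records become indistinguishable in groups of two. A real release would use a larger k, consider the sensitive field (here `dx`) within each group, and document what external data an adversary could plausibly join against.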
The Future of Privacy Forum held a conference on December 5, 2011 to begin addressing this issue. Our goal is to facilitate the development of safe de-identification practices for data sets that extend beyond the health-care sector.
Future of Privacy Forum “De-ID Project”
The De-ID project will focus on several aspects of the de-identification landscape, including de-identification technologies, real-world applications, and existing/future legal frameworks.
FPF’s first task will be to establish a De-ID working group composed of privacy advocates, industry stakeholders, consumer groups, academics, and policymakers. The working group will survey current applications of de-identification across sectors in order to identify leading practices, and FPF will rely on its expertise throughout the project. FPF will also look for areas where the existing de-identification landscape could be improved.
FPF will also publish a number of use cases illustrating reasonable de-identification steps for various types of data sets. This portion of the project will examine the range of de-identification processes and the technology available to de-identify data.
A working premise of the project is that legal and policy commitments are a critical part of the de-identification discussion. As such, FPF will seek to pair each level of technical de-identification with the legal and policy commitments that may be needed to accompany it.
FPF’s twelve-month “De-ID” project will culminate in a conference where the project’s use cases, policy paper, and working group findings will be presented to stakeholders and policymakers. FPF’s goal is to use the evidence produced throughout the project to inform future policy and “best practices” discussions. While most de-identification policy today is found in the health-care sector, FPF aims to broaden the dialogue to include other sectors that rely on personal data.