Anonymous Data Isn’t Always Anonymous

An acquaintance recently mentioned to me that she was going to get a DNA report from one of the big DNA testing companies. Because I knew that Forbes reported that “many genetic-testing companies are actively selling user data to outside parties,” including pharmaceutical companies and others, I suggested that she should carefully read all of the privacy policies and not simply agree to the defaults in order to limit the distribution of this most personal information. Her response? “Well, they say my name won’t be associated with it, so I don’t see a problem. It’s anonymous.” But not having your name attached to data doesn’t mean that it cannot be associated with you.

Investopedia defines de-anonymization as “the technique in data mining that re-identifies encrypted or generalized information. De-anonymization, also referred to as data re-identification, cross-references anonymized information with other available data in order to identify a person, group, or transaction.” That means that even though a piece of data is anonymous, when combined with other available data it often can be matched to a specific person.

In fact, there are so many databases containing information about us that it is relatively easy for interested parties (including marketing firms) to cross-reference data in order to de-anonymize everything from location data to credit card usage to celebrity tipping habits to, yes, DNA test results. Those DNA results can reveal genetic markers that indicate an increased risk of developing a disease, such as Alzheimer’s. That information could then be used against the person in question, perhaps to deny employment or insurance coverage or to smear a political opponent.

In 1996 the Massachusetts Group Insurance Commission released anonymized data regarding hospital visits of state employees. Governor William Weld assured the public that the patients’ privacy was protected by the removal of obvious identifying data. However, researcher Latanya Sweeney was able to find Weld in the database with a few pieces of publicly available information. She made her point by sending his medical records to his office. Since that time, “big data” has only gotten bigger and has made it even easier to connect names to so-called anonymous data.
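A check a data publisher could run before a release like this one, added here as an example and not taken from the original article: it counts how many records share each combination of indirect identifiers (k-anonymity) and flags rows that a named public list would single out. The field names, the sample rows and the generalization rule are constructed assumptions.

```python
from collections import Counter

# Indirect identifiers assumed for this example; a real release needs its own list.
QUASI_IDENTIFIERS = ("zip", "birth_date", "sex")

# Constructed "anonymized" release: names removed, other fields kept.
RELEASE = [
    {"zip": "02138", "birth_date": "1950-03-14", "sex": "M", "visit": "dx-1"},
    {"zip": "02138", "birth_date": "1950-09-02", "sex": "M", "visit": "dx-2"},
    {"zip": "02139", "birth_date": "1962-01-20", "sex": "F", "visit": "dx-3"},
    {"zip": "02139", "birth_date": "1962-11-05", "sex": "F", "visit": "dx-4"},
    {"zip": "02141", "birth_date": "1975-06-30", "sex": "F", "visit": "dx-5"},
    {"zip": "02141", "birth_date": "1975-06-30", "sex": "F", "visit": "dx-6"},
]
# Constructed public list that carries names alongside the same fields.
PUBLIC = [
    {"name": "Resident A", "zip": "02138", "birth_date": "1950-03-14", "sex": "M"},
    {"name": "Resident B", "zip": "02139", "birth_date": "1962-11-05", "sex": "F"},
    {"name": "Resident C", "zip": "02141", "birth_date": "1975-06-30", "sex": "F"},
]

def key(record):
    return tuple(record[f] for f in QUASI_IDENTIFIERS)

def k_anonymity(records):
    """Size of the smallest group of records sharing one identifier combination."""
    groups = Counter(key(r) for r in records)
    return min(groups.values()) if groups else 0

def at_risk(release, public):
    """Release rows that are unique in the release and match exactly one public row."""
    rel, pub = Counter(map(key, release)), Counter(map(key, public))
    return [r for r in release if rel[key(r)] == 1 and pub[key(r)] == 1]

def generalize(record):
    """Coarsen identifiers: 3-digit ZIP prefix and birth year only."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["birth_date"] = record["birth_date"][:4]
    return out

if __name__ == "__main__":
    print("k before:", k_anonymity(RELEASE), "at risk:", len(at_risk(RELEASE, PUBLIC)))
    coarse = [generalize(r) for r in RELEASE]
    coarse_public = [generalize(p) for p in PUBLIC]
    print("k after:", k_anonymity(coarse), "at risk:", len(at_risk(coarse, coarse_public)))
```

A k of 1 means at least one person is alone in their group. Raising k by coarsening fields reduces this kind of linkage but does not by itself prevent inference from the fields that remain.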

Wired gives these examples: “Google, with its database of users’ internet searches, could easily de-anonymize a public database of internet purchases, or zero in on searches of medical terms to de-anonymize a public health database. Merchants who maintain detailed customer and purchase information could use their data to partially de-anonymize any large search engine’s data, if it were released in an anonymized form. A data broker holding databases of several companies might be able to de-anonymize most of the records in those databases.”

The things you post on Facebook, your Google searches, your credit card purchases and a number of other pieces of information that are innocuous on their own can be merged to form a detailed picture of your life. Keep that in mind when you are told your data will be anonymous.