Easily identifiable data - which is it?

Easily identifiable data - which is it?

Did you know that data that we all consider anonymous is easily identifiable today? If you think it doesn't concern you, you're completely wrong.

There are several tools for re-identifying individuals and are readily available. Failure to comply with sufficiently anonymised data will violate GDPR.

Under current methods used to anonymize data, individuals are at risk of re-identification.

The chance of data recovery is almost 100%

Scientists at Imperial College in London, along with scientists from UCLouvain in Belgium, developed an algorithm which found that anonymous databases can be back-parsed with 99.98% accuracy.

Sample data is often anonymized by removing identifying characteristics, such as names or email addresses, so individuals cannot be identified. For example, a hospital may remove patient names, addresses, or birth dates from medical records, allowing them to open access to large data sets for analysis for researchers.

When the data does not contain these identifying characteristics, they are no longer subject to the privacy regulations and can be freely used and passed on to third parties such as advertising companies and data brokers.

However, research argues that anonymisation is not enough to allow a company to circumvent laws such as the GDPR.

According to their model, up to 99.98% of Americans would be correctly re-identified in any dataset using only 15 demographic attributes. Scientists say that even with anonymised datasets that have been sampled, these probably do not meet modern anonymization standards.

Pseudonymized vs. anonymized

According to lawyer Frank Jenning, GDPR does not cover personal data that have been anonymized in such a way that the data subject cannot be identified. However, if the data file is inadequately anonymized before it is passed, this will allow the prospective buyer to use the available tools to re-identify individuals, but this will be considered 'pseudonymised' rather than 'anonymised'.

It is important to realize that tools and technologies are constantly evolving and what was enough to anonymize last year may not be sufficient this year.