What is usually called ‘anonymous’ data can actually be easily associated to a specific person and reveal everything about him/her:from medical records to purchase histories.
As an example, in August 2016 the Australian government released an anonymised data set comprising the medical billing records (including prescriptions and surgery) of 2.9 million people.
Even if names and other identifiers were removed in order to ensure privacy, a group of researchers from the University of Melbourne showed that it was simple to re-identify people by comparing the dataset to other publicly available information, thus learning the entire medical history of people without their expressed content. The data set was downloaded 1,500 times before being removed.
Location data from mobile phones also constitutes a fingerprint. Yves-Alexandre de Montjoye, a computational privacy researcher, analysed a mobile phone database of the approximate locations (based on the nearest cell tower) of 1.5 million people over 15 months and showed how it was possible to uniquely identify 95% of the people with just four data points of places and times (including a person’s home address, work address and geo-tagged Twitter posts). About 50% could be identified from just two points.
In 2015, De Montjoye also showed that it was easily possible to identify the owner of a credit card just by knowing details of 3 transactions (the names and locations of shops where purchases took place, and the approximate dates and purchase amounts). Through this information, De Montjoye was able to identify 94% of people.
Do you want to know more about anonymisation and sanitisation technologies? e-SIDES is working on this, check the deliverable D3.2 Assessment of Existing Technologies for more information: