Privacy/De-identification

Some initial resources, suggested by Peter Swire (background reading on de-identification):

• United Kingdom, Information Commissioner’s Office, “Anonymisation: Managing Data Protection Risk Code of Practice.” 2012.
• U.S. Department of Health and Human Services, “Guidance Regarding Methods of De-Identification of Protected Health Information in Accordance with the HIPAA Privacy Rule.” 2012.

Deeper background:

• Health System Use Technical Advisory Committee, “Best Practice Guidelines for Managing the Disclosure of De-Identified Health Information.” 2010.
• Federal Committee on Statistical Methodology, “Statistical Policy Working Paper 22, Report on Statistical Disclosure Limitation Methodology.” 2005.

• Slides from Deven on HIPAA Guidance

Research results

• Arvind Narayanan, Vitaly Shmatikov. Myths and Fallacies of "PII". Communications of the ACM, June 2010.
• Cynthia Dwork. A Firm Foundation for Private Data Analysis, Communications of the ACM, 2011.
• Joseph A. Calandrino, Ann Kilzer, Arvind Narayanan, Edward W. Felten, Vitaly Shmatikov. "You Might Also Like:" Privacy Risks of Collaborative Filtering. IEEE S&P 2011.
• Arvind Narayanan, Vitaly Shmatikov. De-anonymizing Social Networks. IEEE S&P 2009.
• Arvind Narayanan, Vitaly Shmatikov. Robust De-anonymization of Large Sparse Datasets (How to Break Anonymity of the Netflix Prize Dataset.) IEEE S&P 2008.
• Arvind Narayanan, Elaine Shi, Benjamin I. P. Rubinstein. Link Prediction by De-anonymization: How We Won the Kaggle Social Network Challenge. IJCNN 2011.
• Sweeney, Latanya. "k-anonymity: A model for protecting privacy." International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10.05. 2002.
• Ashwin Machanavajjhala,Daniel Kifer, Johannes Gehrke, Muthuramakrishnan Venkitasubramaniam. L-Diversity: Privacy Beyond K-Anonymity. ACM Transactions on Knowledge Discovery from Data (TKDD), March 2007.
• Ohm, Paul, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization (August 13, 2009). UCLA Law Review, Vol. 57, p. 1701, 2010; U of Colorado Law Legal Studies Research Paper No. 9-12.
• Ann Kavoukian, Khaled El Emam. Dispelling the Myths Surrounding De-identification. June 2011.
• Jane Yakowitz. Tragedy of the Data Commons. Harvard Journal of Law & Technology, Fall 2011.

Government reports

• U.S. Federal Trade Commission, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers, March 2012.
• Committee on Civil Liberties, Justice and Home Affairs, Rapporteur: Jan Philipp Albrecht. Draft Report on the proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data.
• Use of Pseudonyms in Albrecht's Draft Report
• 1st debate of above in European Parliament Strasbourg 10th Jan. 2013
• LIBE committee rapporteur Jan Albrecht answers question about pseudonymous data, consent and Do Not Track in the draft Regulation. Panel 1, Part 3 from 07:05 and start of Part 4 Computers, Privacy and Data Protection Conference, Brussels, Jan 23 2013
• Article 29 Data Protection Working Party Statement of the Working Party on current discussions regarding the data protection reform package.