Data collection is fueling advances in numerous areas of business: technology, business, medicine and more. Most of the world’s population is online, and we are increasing the amount of data we share through internet-connected devices and applications. This gives organizations vast datasets to use in a variety of research initiatives. In turn, they use this information to more effectively find patterns and trends so they can improve their products and services.
But naturally, having so much personal information online is laden with risks.
Identifiable records of all types can make a person vulnerable to identity theft, targeted attacks and other types of fraud or abuse. As such, data collectors must ensure that personal data doesn’t result in personal identification.
The current go-to method for protecting the identity of individuals represented in datasets is to anonymize their records by de-identifying and sampling them. Companies that store personal records do this before sharing those records with a third party. The idea: Withholding data that would directly identify the individual allows information to be used without fear of identity fraud.
But it appears that anonymizing data isn’t enough to keep us protected.
Anonymizing Falls Short Far More Often Than You Think
Nature Research journal Nature Communications recently published a study in which a group of security researchers applied a re-identification method on anonymized records. Their goal was to determine the likelihood of a record’s uniqueness given a certain number of demographic details. Their conclusion was that in any dataset, the identity associated with a record could be ascertained 99.98% of the time given 15 demographic variables.
Worse: This re-identification research is one of several studies that have shown personal identification to be possible using de-identified records.
The standard that organizations use to protect our anonymity is being proven inadequate. Cybersecurity experts emphasize that organizations must use additional protections. Any companies and institutions managing personal data can, for instance, deploy cryptographic and access-control methods of privacy protection to add a needed layer of protection.
Are you unsure about how to protect all the personal data you’re collecting? Lunarline helps organizations enhance their protection of personally identifiable information with a range of industry-leading tools and services. Contact us today to find out more about how we can assist.