Feeds

Large databases are not safe enough, says stats boffin

'Identity reconstruction' still possible

Top 5 reasons to deploy VMware with Tegile

Large databases do not adequately protect sensitive personal information, according to a statistics professor in the US, who says that individuals can still be identified despite attempts to anonymise them.

George Duncan is a statistics professor at Carnegie Mellon University in Pittsburgh, Pennsylvania. He writes in the journal Science that traditional methods of anonymising people's database records are not good enough.

He said that databases "de-identify" people by masking important information such as their social security number or their birthday, but that this does not render them unidentifiable. Anyone who can access more than one characteristic of a person in a database has a chance at identifying the person, he said.

The problem is that the very information that most closely identifies a person is likely to be that in which the organisation behind the database is interested, he wrote, meaning that it cannot be deleted or masked.

"The question is, how can data be made useful for research purposes without compromising the confidentiality of those who provided the data?" Duncan said in a statement.

Duncan said that it would be possible to build systems that make this kind of identity reconstruction impossible. He also said that further user-specific restrictions on the use of information in databases would go some way to solving the problem.

It is, said Duncan, a difficult problem to solve. "Achieving 'adequate' privacy will require engineering innovation, managerial commitment, information cooperation of data subjects and social controls (legislation, regulation, codes of conduct by professional associations and response to reactions of the public)," Duncan wrote in Science.

As public and private bodies gather increasing amounts of information on customers and citizens, concern is growing about individuals' rights to privacy within such systems. Some opposition to the Government's identity register is based on fears about the abuse of or errors in the database that would lie behind any ID card.

Privacy watchdog the Information Commissioner has warned that the UK is becoming a surveillance society without adequate privacy safeguards, and the House of Lords earlier this year said they would probe the constitutionality of such widespread surveillance.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.