Data Privacy October 30 2007 Privacy Policy Law
Data Privacy October 30, 2007 Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2007 • Lorrie Cranor • http: //cups. cmu. edu/courses/privpolawtech-fa 07/ 1
k-anonymity n “A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release. ” http: //privacy. cs. cmu. edu/people/sweeney/kanonymity. html Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2007 • Lorrie Cranor • http: //cups. cmu. edu/courses/privpolawtech-fa 07/ 2
De-identification and re-identification n Simplistic de-identification: remove obvious identifiers n Better de-identification: also k-anonymize and/or use statistical confidentiality techniques n Re-identification can occur through linking entries within the same database or to entries in external databases Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2007 • Lorrie Cranor • http: //cups. cmu. edu/courses/privpolawtech-fa 07/ 3
Examples n When RFID tags are sewn into every garment, how might we use this to identify and track people? n What if the tags are partially killed so only the product information is broadcast, not a unique ID? n How can a cellular provider identify an anonymous pre-paid cell phone user? n Other examples? Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2007 • Lorrie Cranor • http: //cups. cmu. edu/courses/privpolawtech-fa 07/ 4
Techniques for protecting privacy n Best • No collection of contact information • No collection of long term person characteristics • k-anonymity with large value of k n Good • • No unique identifiers across databases No common attributes across databases Random identifiers Contact information stored separately from profile or transaction information • Collection of long term personal characteristics on a low level of granularity • Technically enforced deletion of profile details at regular intervals Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2007 • Lorrie Cranor • http: //cups. cmu. edu/courses/privpolawtech-fa 07/ 5
- Slides: 5