Recent computer science research demonstrates that anonymized data can sometimes be easily re-identified with particular individuals, despite companies’ attempts to isolate personal information. Netflix and AOL are two examples of companies that released personal data intended to be anonymous but which was reidentified with individual users with the use of very small amounts of auxiliary data. Re-identification of anonymized data may expose companies to increased liability, as the information may no longer be treated as anonymous. In addition, companies may violate their own privacy policies by releasing anonymous information to third parties that can be easily re-identified with individual users. The potential for third parties to re-identify anonymous information with its individual source indicates the need for both increased privacy protection of anonymized information and increased security for databases containing anonymized information.
C. C. Porter,
De-identified Data and Third Party Data Mining: The Risk of Re-identification of Personal Information,
5 Shidler J. L. Com. & Tech.
Available at: https://digitalcommons.law.uw.edu/wjlta/vol5/iss1/3