24.10.2015

NIST: Report "De-Identification of Personal Information"

NIST report (author: Simson L. Garfinkel) entitled "De-Identification of Personal Information" (pdf), covering, inter alia, the de-identification of medical imagery, genetic information and biological materials.

Abstract: De-identification removes identifying information from a dataset so that individual data cannot be linked with specific individuals. De-identification can reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing information. De-identification thus attempts to balance the contradictory goals of using and sharing personal information while protecting privacy. Several U.S. laws, regulations and policies specify that data should be de-identified prior to sharing. In recent years researchers have shown that some de-identified data can sometimes be re-identified. Many different kinds of information can be de-identified, including structured information, free format text, multimedia, and medical imagery. This document summarizes roughly two decades of de-identification research, discusses current practices, and presents opportunities for future research.

Another finding worth highlighting: "Currently, there is no scientific consensus on the minimum size of a genetic sequence necessary for re-identification. There is also no consensus on an appropriate mechanism to make deidentified genetic information available to researchers without the need to execute a data use agreement that would prohibit re-identification."