1ihHZ6h

Legal Implications of Big Data: A Primer | David Navetta
of Big Data practices, specifically where the collection and
aggregation of seemingly harmless data about a person can
be used to reveal sensitive information (e.g., health status,
sexual orientation, and financial status).
Anonymization and Big Data
One technique for mitigating privacy-related risks associated
with Big Data is de-identification or anonymization. 17 Data
sets that are de-identified have had key information stripped
away in order to prevent others from individually identifying
the persons to whom the data set relates. This technique
allows organizations to work with Big Data sets while mitigating
privacy concerns, and has been used in many realms,
including health care, banking and finance, and online advertising.
In fact, many regulatory regimes recognize the concept of
de-identified personal information. Under regulations promulgated
pursuant to Gramm-Leach-Bliley 18 (regulating the
privacy and security of financial data) “personally identifiable
financial information” does not include information that
does not identify a consumer “such as aggregate information
or blind data that does not contain personal identifiers such
as account numbers, names, or addresses.” 19 The Office for
Civil Rights of the Department of Health and Human Services
has issued extensive guidance concerning de-identification
of health data, and sets forth two methods to achieve
de-identification under HIPAA: expert determination and
“safe harbor” de-identification (which involves removing
eighteen types of identifiers from health data). 20 Under European
data protection laws, to achieve legally permissible
de-identification, “anonymization of data should exclude any
possibility of individuals to be identified, even by combining
anonymized information.” 21
However, organizations relying on de-identification to circumvent
privacy issues (and liability) must proceed carefully.
If de-identification is not performed properly, it may be possible
to re-identify individuals in an anonymized data set.
There have been several real-life instances where re-identification
has occurred, and researchers have also been able to
demonstrate methods for identifying individuals from data
that appeared anonymous on its face.
In one infamous example, as part of a contest to create a better
movie recommendation engine, Netflix released an anonymized
data set containing the movie rental histories of approximately
480,000 of its customers. Researchers established
that they could re-identify some of the Netflix customers at
issue by accessing and analyzing publicly available information
concerning movie ratings performed by such custom-
17 See http://en.wikipedia.org/wiki/De-identification.
18 Gramm-Leach-Bliley Act of 1999, Pub. L. No. 106-102, 113 Stat. 1338 (codified as
amended in scattered sections of 12 and 15 U.S.C. (2008)).
19 See 17 CFR PART 248.
20 See Guidance Regarding Methods for De-identification of Protected Health
Information in Accordance with the Health Insurance Portability and Accountability
Act (HIPAA) Privacy Rule, http://www.hhs.gov/ocr/privacy/hipaa/understanding/
coveredentities/De-identification/hhs_deid_guidance.pdf.
21 European Union Directive 95/46/EC.
ers. 22 The Netflix contest eventually led to a lawsuit 23 against
the company and regulatory scrutiny from the Federal Trade
Commission. In another example, a researcher showed how
she could re-identify persons with data in an anonymous
health care data base by using publicly available voter records
(in this case she was able to re-identify the information of the
governor of Massachusetts). 24
The risk of re-identification of Big Data sets using contextual
“micro data” is a significant concern for organizations work-
22 See Robust De-anonymization of Large Data sets (How to Break Anonymity of the
Netflix Prize Data set) http://arxiv.org/PS_cache/cs/pdf/0610/0610105v2.pdf. The
Netflix contest eventually lead to a lawsuit against the company and regulatory
scrutiny by the Federal Trade Commission.
23 See http://www.wired.com/images_blogs/threatlevel/2009/12/doe-v-netflix.pdf.
24 See http://www.cs.duke.edu/~ashwin/pubs/BigPrivacyACMXRDS_final.
pdf.
The ISSA Web Conferences bring together ISSA
members from around the world to share leading
industry presentations and answer members’
questions. Each event is designed to address the timely
needs of our members through a live, online event and a
subsequent recorded version for on-demand viewing.
All content is developed by the ISSA Web Conference
Committee. CPE credit available: ISSA members will be
eligible for a certificate of attendance, after successful
completion of a post-event quiz, to submit CPE credits for
various certifications.
Legislative Landscape
2-Hour Live Event: March 26, 2013
9am US Pacific/12pm US Eastern/5pm London
Generously supported by Venafi.
Increasingly legislation and regulation are becoming extremely
important drivers for what information security
professionals have to do, and the pace of delivery seems to
be increasing wherever you work in the world today. What
impacts will recently enabled, pending, and possible future
legislation and regulation have on organizations and
individuals and their approaches to what and how they do
information security How do we prioritize what is most
important What can we do to make compliance easier
How do we get our policies aligned with the differing
regulatory environments across different jurisdictions
How do we deal with export controls (software and information)
In some cases the question might be “How do
we stay out of jail” Join our industry experts to get their
views on this topic and the questions around it.
Click here to register or here for more information.
Visit https://www.issa.org/page=WebConferences
for information on our 2013 schedule.
18 – ISSA Journal | March 2013
©2013 ISSA • www.issa.org • editor@issa.org • All rights reserved.