cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraginS
Defender I

DE-anonmyization / RE-Identification from Census Data

As the U.S. Census Bureau prepares for the upcoming decennial census in 2020, they are acting based on results of a test using the 2010 census data that showed it possible to identify 52 million individuals by name and location through cross-matching census data with other public, commercial databases. Census data is supposed to be protected so no individual data can be identified; it is illegal to release personally identified specific census responses. 

 

AP News has an excellent article describing the situation, and concerns from researchers in several fields over damage to proper uses of the data that this "statistical fuzzing" of the census data may cause. See

Researchers question Census Bureau's new approach to privacy

by By JENNIFER McDERMOTT and MIKE SCHNEIDER, 9/28/19

 

Quoted from the article:

Confronted with that discovery, the bureau announced that it would add statistical “noise” to the 2020 data, essentially tinkering with its own numbers to preserve privacy. But that idea creates its own problems, and social scientists, redistricting experts and others worry that it will make next year’s census less accurate. They say the bureau’s response is overkill.

“This is a brand new, radically more conservative definition of privacy,” University of Minnesota demographer Steven Ruggles said.

 

Implications for infosec specialists charged with protecting individuals' privacy in databases come to play here. How will it impact compliance with "right to be forgotten" laws, and especially GDPR?

 

Craig

 

 

 

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
2 Replies
Chuxing
Community Champion

Here seems to be a gray area - since the U.S. Census Bureau is not considered as a 'concern' with business ties in EU (?), should they abide, legally, by GDPR?

 

Just curious...

 


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
CraginS
Defender I


@Chuxing wrote:

Here seems to be a gray area - since the U.S. Census Bureau is not considered as a 'concern' with business ties in EU (?), should they abide, legally, by GDPR?

 

Just curious...

 


Chuxing,

My reference to GDPR was not based on thinking the US Census Bureau is subject to GDPR. (I agree with you that it is not.) Rather, consider that the testing by the Census Bureau has shown how likely it is that any "anonymized" data base which the owner thinks is GDPR compliant is likely subject to de-anonymization and re-identification of individuals through the same cross-database matching processes.

 

Craig

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts