Department of Health data de-anonymised

Email update, 19 December 2017

A short one today: yesterday two of the co-authors on my iVote paper, Drs Vanessa Teague and Chris Culnane, published a paper showing how they managed to identify individual people from an Australian healthcare dataset which was supposedly “anonymised”.

No hack needed: Anonymisation beaten with a dash of SQL

As the paper points out, the problem is that it’s almost impossible to anonymise data effectively if it’s published down to the individual level - when you have individualised data about a person, you can trivially cross-reference it to other information and re-identify the individual in question.

There’s also an excellent Twitter thread by Justin Warren which is well worth reading.