The Devil is in the Details

We live in a world where our personal information is continuously captured in a multitude of electronic databases. Details about our health, finances and buying habits are stored and managed by public and private organizations. These databases contain information about millions of people and can provide valuable research and business insight. Because these databases contain records that identify specific individuals, they cannot be disseminated for privacy reasons. Fortunately, personal details are not needed to draw population-level conclusions, to detect trends, or to build predictive models. A database can be "de-identified" prior to release and yet retain its utility. De-identification protects individual privacy and minimizes legal exposure and the consequences of breaches.

Who does this impact?


Manage risks when collecting and disclosing personal information

Custodians. Health information custodians disclose patient data to registries, researchers, government agencies, and commercial entities without patient consent, often based on the assumption that the disclosed data is anonymous. To meet legislative requirements, custodians must ensure that the data they disclose is properly de-identified.

Data Brokers. Customer information is sold to data brokers for the market intelligence it can provide (pharmaceutical, financial, insurance). In some jurisdictions, data brokers must de-identify the data they collect to adhere to privacy legislation. But all brokers would have a lower risk exposure from breaches if their data were de-identified.

Governments. Governments tend to be conservative in the disclosure of personal information when responding to access to information requests. This has resulted in a dissatisfied public and media. With precise risk assessments, it would be possible both to objectively justify a decision not to release some information and to manage risk well enough to enable more transparency.


Why worry about privacy?


A privacy breach has serious consequences

Legislation. Most governments have enacted legislation requiring organizations to adopt measures to protect personal data. For example, in the United States, health information is protected by the Health Insurance Portability and Accountability Act (HIPAA) and financial information by the Sarbanes-Oxley Act (SOX). Similar legislation exists in the European Union and Canada.

Litigation. Should a person's private information be released by an organization without the person's consent, they have the right to sue. This can lead to costly litigation.

Cost. If an organization inadvertently releases private information, legislation mandates that the people whose data was exposed must be notified. In addition to the cost of breach notification, an organization can face significant litigation and compensation costs.

Reputation. A privacy breach is a public relations disaster for an organization (public or private) and can directly affect a company's bottom line.

Read about several high-profile incidents where improper de-identification resulted in a privacy breach.