For years, computer science security and privacy researchers have sounded the alarm about the methods most often used to deidentify data, finding new attacks that can reidentify seemingly anonymized data points and proposing fixes. Yet these methods remain in common use, and held up as legally sufficient for fulfilling privacy-protection regulations such as HIPAA and GDPR.
HIPAA has been known to be not stringent enough for decades. A lot more than removing 1 or 2 digits of a zip or street names or w/e need to be removed. Just make illegal all sharing of information unless the entity of said information legally agrees, and is paid.
>For years, computer science security and privacy researchers have sounded the alarm about the methods most often used to deidentify data, finding new attacks that can reidentify seemingly anonymized data points and proposing fixes. Yet these methods remain in common use, and held up as legally sufficient for fulfilling privacy-protection regulations such as HIPAA and GDPR.
HIPAA has been known to be not stringent enough for decades. A lot more than removing 1 or 2 digits of a zip or street names or w/e need to be removed.
Just make illegal all sharing of information unless the entity of said information legally agrees, and is paid.
(post is archived)