ISEC411: Privacy & Anonymity

Questions and Answers

Which attribute in the provided dataset is considered sensitive?

Profession

Work hours

Gender

Salary (correct)

How would the profession of 'teacher' in the dataset be classified?

Sensitive attribute

Quasi-identifier (correct)

Non-sensitive attribute

Direct Identifier

What is the maximum salary listed for any individual in the dataset?

$50k

$40k

$100k

$250k (correct)

Which statement about the data privacy concerns of the database is correct?

A specific age and location can lead to potential identification.

What type of information is 'Down syndrome' categorized as in terms of sensitivity?

Sensitive attribute

What is considered the most ethical approach to data privacy when possible?

Obtaining consent from the subject

Which of the following describes the HIPAA Privacy Rule?

It restricts the use and disclosure of personal health information.

What type of data sharing arrangement requires patient consent?

Identified patient data

Which of the following attributes is classified as a direct identifier?

Social Security number

What is the primary function of sensitive attributes in data privacy?

To keep the subjects' information confidential

Which of the following is NOT considered a quasi-identifier?

Medical record number

What is the Safe Harbor option in de-identified data under HIPAA?

It mandates the removal of 18 specific attributes.

What best describes a sensitive attribute?

It is confidential information that subjects want to keep private.

What is k-anonymity in relation to data privacy?

It requires that the information of each individual is indistinguishable from at least k-1 others.

Which individual corresponds to the statement 'A 21 year old student, married, living in Al-Ain, and taking ISEC411'?

John

How many unique combinations of quasi-identifiers (QIs) can be derived from the provided dataset?

4

What demographic characteristic differentiates John and Joe in the dataset?

John is married, while Joe is single.

Which disease is mentioned in the dataset?

flu

How many individuals in the dataset were noted to be living in Dubai?

2

If john is born in 1995, how many people correspond to john in the database?

2

Which of the following individuals does NOT meet the criteria of being married?

Joe

Study Notes

Overview of Privacy Law and Data Protection

• Consent is imperative; it is the most ethical way to handle personal data.
• If consent cannot be obtained, anonymity must be pursued, meaning data identity is concealed.
• Anonymized data does not require prior consent from individuals.

HIPAA Privacy Rule

• HIPAA stands for Health Insurance Portability and Accountability Act.
• Established in 1996 to limit the usage and disclosure of personal health information (PHI).
• Applies to covered entities such as hospitals and nursing homes.
• Defines three standards for sharing health data:
  • Identified Patient Data: Requires patient consent.
  • Limited Data Set: Involves removal of 16 direct identifiers and requires a data use contract.
  • De-identified Data:
    • Safe Harbor: Removal of 18 specific attributes classified as PHI.
    • Expert Determination: A statistical approach ensuring anonymity.

Classification of Data Attributes

• Direct Identifiers: Attributes like name, address, and cell phone number that uniquely identify individuals; must be removed before data release.
• Quasi-Identifiers: Include attributes such as ZIP code and birth date, which can potentially re-identify individuals when combined with external data.
• Sensitive Attributes: Include critical private information like medical records and credit card numbers; generally not used in re-identification but are crucial for researchers.

K-Anonymity Concept

• Introduced by Sweeney as a data protection model.
• Achieving K-anonymity means that each individual cannot be distinguished from at least K-1 others in the dataset.
• Ensures substantial privacy by aggregating data so that multiple individuals share the same identification relationship.

Applications of K-Anonymity

• Example dataset of students taking ISEC 411 demonstrates K-anonymity principles using attributes such as age and marital status.
• Considerations must be made on which statements can be accurately released without compromising individual identity.
• Allows critical analysis of how many individuals correspond to provided data points, increasing anonymity.

Examples and Scenarios

• Utilizing datasets to illustrate how demographic attributes can be linked to privacy risks and the importance of proper classification.
• Identifying quasi-identifiers and sensitive information within databases to highlight the importance of careful data management in studies and research.

Description

Test your knowledge on privacy laws, particularly the HIPAA privacy rule, and concepts like k-anonymity. Understand the importance of consent in ethical data handling and explore methods for ensuring anonymity when consent cannot be obtained.