Identifiability and Privacy

What ID’ing Data Looks Like

• Data identifiability could hold many forms: name, location, personal financial or medical records; or online-specific identifiers: IP addresses, MAC addresses, hardware signatures
• It is not always possible to remove all traces of identifiable information in data. In some cases (research work for example), the inclusion of some form of personality to the data might even be necessary

Human-Sourced data can be linked back to individuals, unless it is somehow “anonymized”. This can lead to a breach of trust, and invasion of privacy.

• Legally, “Harm” consists of two parts: Visceral and Vested:
• There must be some demonstrated form of physical injury or financial loss (visceral)
• The harms must have already occurred (vested)

​

​

Remember that like all software projects, anonymization and privacy are acceptability/risk tradeoffs

Food For Thought

• How do you try and predict the cost of potential negative impacts of your work, especially for problems that have not yet occurred?

​

• What are some of the best and worst case scenarios for someone gaining unwarranted access to individually-identified data? Is it fair or reasonable to always plan against the absolute worst-case?

​

• Whose responsibility is it to prevent harm from befalling people ahead of time when it comes to data security; the original creator of each piece of data, or the people storing it?