Original Articles

Does fair anonymization exist?

Pages 21-44 | Received 09 Aug 2013, Accepted 25 Nov 2013, Published online: 02 Jan 2014
 

Abstract

Anonymization is viewed as an instrument by which personal data can be rendered so that it can be processed further without harming data subjects' private lives, for purposes that are beneficial to the public good. The anonymization is fair if the possibility of re-identification can be practically excluded. The data processor does all that he or she can to ensure this. For a fair anonymization, simply removing the primary personal identification data, such as the name, resident address, phone number and email address, is not enough, as many papers have warned. Therefore, new guidance documents, and even legal rulings such as the HIPAA Privacy Rule on de-identification, may improve the security of anonymization. Researchers are continuously testing the efficiency of the methods and simulating re-identification attacks. Since the US and Canada do not have a population registry, re-identification experiments were carried out with the help of other publicly available databases, such as census data or the voters' database. Unfortunately, neither of these is complete and sufficiently detailed, so the computed risk was only an estimate. The author obtained the zip code, gender and date of birth distribution data from the Hungarian population registry and computed re-identification risks in several simulated cases. This paper also gives an insight into the legal environment of Hungarian personal medical data protection legislation.


Acknowledgement

The author would like to thank the Central Office for Administrative and Electronic Public Services (in Hungarian: Közigazgatási és Elektronikus Közszolgáltatások Központi Hivatala, KEKKH) for the research dataset taken from the national population registry.

Funding

This work was partially supported by the European Union and the European Social Fund through project FuturICT.hu (grant no. TÁMOP-4.2.2.C-11/1/KONV-2012-0013).

Notes

This article was originally published with errors. This version has been corrected. Please see Erratum (doi: 10.1080/13600869.2014.884534)

1. In Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, footnote 223.

2. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Article 6 paragraph 1 (a).

3. The law was intended to establish controlled information flow between covered entities such as health service providers, health insurance companies and state supervisory authorities all over the United States as well as protecting patients' privacy. It has come into force in a step-by-step fashion since 1996. The latest modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules came into force in September 2013.

4. See Evans (2011, 72).

6. See Ohm (2010, 1721).

7. Internet Movie Database, http://www.imdb.com/

8. See Information Commissioner for UK (2012, 17).

9. The latest, amended version of the declaration (dated 2008) can be found on the web page of the WMA: http://www.wma.net/en/30publications/10policies/b3/ (retrieved 12 October, 2013).

10. On 19 August 1947, the court delivered the verdict in the ‘Doctors’ Trial’ in Nuremberg against doctors involved in human experiments in concentration camps. The court applied these basic ethical principles in the decision, accepting Dr. Leo Alexander's six points and adding four others. See: http://www.hhs.gov/ohrp/archive/nurcode.html (retrieved 12 October, 2013).

11. Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine, No. CETS-164, Oviedo, 4 April 1997.

12. There may be several reasons for it. For example, the data subject has already died, getting consent from many data subjects requires disproportionate effort, or the data subjects would probably deny their consent.

13. See Caldicott (2013, 79).

14. UK High Court decision EWHC 1430 (20 April, 2011), http://www.bailii.org/ew/cases/EWHC/Admin/2011/1430.html (retrieved 12 October, 2013).

17. The place could be a town, city or municipality. Several five-digit zip codes may be associated with a single geographical place.

18. It contains aggregated data taken from all places within that county.

19. Dr. Philip Golle (Golle 2006) wanted to reproduce this figure by making use of the US 2000 Census database, but he found that 63% of the US population were uniquely identifiable.

21. By definition, a quasi-identifier is not a unique identifier but when applied in combination with other quasi-identifiers it may uniquely identify a person.

22. They found five quasi-identifiers: sex, length of stay in days, the quarter for admission, region, and age in weeks for newborn babies.

23. The referendum of 8 April 2013 in Nagykőrös was declared invalid due to a poor turnout, URL: http://www.pestmegyei-hirhatar.hu/hir/ervenytelen-lett-a-nagykorosi-nepszavazas (retrieved 12 October, 2013).

24. http://adatgyujtes.gyemszi.hu/TEA/ (retrieved 12 October, 2013).

26. In 2009, the Constitutional Court issued decision No. 29/2009 on 21 March, in which it ruled that the National Health Insurance Fund must not collect personal data from unsubsidized health care events (including purchasing unsubsidized prescription-only medicines). The author did much to support the interests of the case.

27. If TAJ is $d_1 d_2 d_3 d_4 d_5 d_6 d_7 d_8 d_9$ then $d_9 = [3(d_1 + d_3 + d_5 + d_7) + 7(d_2 + d_4 + d_6 + d_8)] \bmod 10$, see Act XX of 1996 on Personal Identification Methods and Identification Codes.

30. Its official name is: Act CXII of 2011 on Informational Self-Determination and Freedom of Information, which came into force on 1 January 2012. An English translation can be obtained from the homepage of the National Authority for Data Protection and Freedom of Information. As it happens, the text is not completely faithful. See: http://www.naih.hu/files/ActCXIIof2011_mod_lekt_2012_12_05.pdf (retrieved 12 October, 2013).

31. Its official name is: Act XLVII of 1997 on Processing and Protection of Health Data and Personal Data Related to them.

32. Retrospective medical research is supported by force of law, without the possibility of legal remedy. Although the Data Protection Act contains the right to object in the case of scientific research, the Health Data Protection Act does not. As regards the ‘lex specialis derogat lex generalis’ principle, the issue of the right to object is currently under debate.

33. Arrêté du 11 juillet 2012 relatif à la mise en œuvre du système national d'information interrégimes de l'assurance maladie, URL: http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000026221180&dateTexte=&categorieLien=id (retrieved 12 October, 2013).

34. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

35. Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=en&numdoc=52012PC0011 (retrieved 12 October, 2013).

37. Amendment 27 on page 24.

39. The service can be accessed using http://kereso.eekh.hu/ (retrieved 12 October, 2013).

40. The Hungarian decision can be found on the homepage of the Constitutional Court: http://public.mkab.hu/dev/dontesek.nsf/0/059A5C0C4D459EF7C1257ADA00529A2E?OpenDocument (retrieved 12 October, 2013).
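
The abstract describes computing re-identification risk from the joint distribution of zip code, gender and date of birth, and note 21 defines these as quasi-identifiers. The sketch below is an added example, not code from the article: it treats a small constructed list as the whole population and shows how the risk figures change as the quasi-identifiers are generalized. The records, the generalization levels and all function names are assumptions made for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample (zip code, gender, date of birth); not real registry data.
RECORDS = [
    ("1111", "F", date(1950, 3, 14)),
    ("1111", "F", date(1950, 9, 2)),
    ("1111", "M", date(1950, 3, 14)),
    ("1111", "M", date(1950, 11, 30)),
    ("1112", "F", date(1950, 3, 14)),
    ("1112", "F", date(1955, 6, 1)),
    ("1112", "M", date(1958, 12, 24)),
    ("1111", "M", date(1950, 11, 30)),
]

# Hypothetical generalization levels a data processor might apply before release.
LEVELS = {
    "exact date of birth": lambda z, g, d: (z, g, d),
    "year of birth only": lambda z, g, d: (z, g, d.year),
    "zip prefix + decade": lambda z, g, d: (z[:3], g, d.year // 10 * 10),
}

def risk_report(records, generalize):
    """Group records by their generalized quasi-identifiers and summarise risk."""
    classes = Counter(generalize(*rec) for rec in records)
    n = len(records)
    return {
        # Smallest group size: the release is k-anonymous for this k.
        "k": min(classes.values()),
        # Share of people who are the only member of their group.
        "unique_fraction": sum(1 for size in classes.values() if size == 1) / n,
        # Mean over people of 1/group size, which equals groups / people.
        "avg_risk": len(classes) / n,
    }

def compare(records=RECORDS):
    """Risk report for every generalization level, keyed by level name."""
    return {name: risk_report(records, fn) for name, fn in LEVELS.items()}

if __name__ == "__main__":
    for name, rep in compare().items():
        print(f"{name:22} k={rep['k']} unique={rep['unique_fraction']:.3f} "
              f"avg_risk={rep['avg_risk']:.3f}")
```
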
