Depersonalization

Context: Sally authorizes access to a "depersonalized" version of her Road Warrior travel data.

For example, the data given to London Transport:

Unclassified, available data

  1. Space-time travel data, speed, time
  2. Compliance with speeding / traffic restrictions
  3. Hours/day

Should have:

  1. Average distance traveled
  2. Average # of stops/starts
  3. Vehicle classification for congestion charge (permit/fee status)
  4. Segment by segment travel

Should not have:

  1. Obvious PII
    1. Name
    2. Driver's License #
    3. Addresses
      1. home
      2. work
    4. end-to-end travel

Open Questions

  • Difference between Sally and the vehicle?
  • How are other drivers accounted for?

Types of Anonymization (as a verb)

  1. Scrubbing (removing PII)
  2. Aggregate to ambiguity (increase the # of people that could be confused with Sally)
    1. number of replaceable entities
    2. number of queries
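As an added illustration of the two anonymization types above applied to the "should have" / "should not have" split for the London Transport release (this is example code written for these notes, not part of the original workshop material): scrubbing drops the obvious PII and the end-to-end endpoints, aggregation reduces each driver to averages and coarse bands, and a small k-anonymity check counts how many drivers could be confused with Sally. The field names, the 6-hour and 10 km band widths, and the sample trips are all constructed assumptions.

```python
"""Depersonalizing "Road Warrior" travel records: scrubbing, then
aggregation to ambiguity.  Added example, not from the original notes;
field names, band widths and the sample trips are constructed assumptions."""
from collections import Counter, defaultdict
from statistics import mean
from typing import Dict, List, Tuple


def trip(driver_id, name, license_no, home, work, origin, dest,
         distance_km, stops, start_hour, speeding, vehicle_class) -> Dict:
    """Build one raw trip record (helper for the constructed sample below)."""
    return {"driver_id": driver_id, "name": name, "license": license_no,
            "home": home, "work": work, "origin": origin, "dest": dest,
            "distance_km": distance_km, "stops": stops,
            "start_hour": start_hour, "speeding": speeding,
            "vehicle_class": vehicle_class}


# Constructed sample: four drivers; D1 plays Sally. driver_id is an opaque
# pseudonym kept by the data holder, not something the recipient sees.
RAW_TRIPS: List[Dict] = [
    trip("D1", "Sally", "DL-1001", "12 Elm St", "1 Canary Wharf",
         "12 Elm St", "1 Canary Wharf", 14.2, 6, 8, False, "permit"),
    trip("D1", "Sally", "DL-1001", "12 Elm St", "1 Canary Wharf",
         "1 Canary Wharf", "12 Elm St", 15.8, 8, 18, True, "permit"),
    trip("D2", "Bob", "DL-1002", "3 Oak Rd", "1 Canary Wharf",
         "3 Oak Rd", "1 Canary Wharf", 12.0, 5, 7, False, "permit"),
    trip("D2", "Bob", "DL-1002", "3 Oak Rd", "1 Canary Wharf",
         "1 Canary Wharf", "3 Oak Rd", 16.0, 7, 19, False, "permit"),
    trip("D3", "Cora", "DL-1003", "9 Pine Ln", "5 Strand",
         "9 Pine Ln", "5 Strand", 18.0, 9, 9, False, "permit"),
    trip("D3", "Cora", "DL-1003", "9 Pine Ln", "5 Strand",
         "5 Strand", "9 Pine Ln", 11.0, 4, 20, False, "permit"),
    trip("D4", "Dev", "DL-1004", "7 Far Ave", "5 Strand",
         "7 Far Ave", "5 Strand", 40.0, 12, 10, True, "fee"),
]

# "Should not have": obvious PII and end-to-end travel.
PII_FIELDS = ("name", "license", "home", "work")
END_TO_END_FIELDS = ("origin", "dest")
HOUR_BAND = 6       # assumed generalization width for clock hours
DISTANCE_BAND = 10  # assumed generalization width for average distance, km


def scrub(record: Dict) -> Dict:
    """Type 1, scrubbing: remove PII and trip endpoints, keep everything else."""
    drop = set(PII_FIELDS) | set(END_TO_END_FIELDS)
    return {k: v for k, v in record.items() if k not in drop}


def time_band(hour: int) -> str:
    """Generalize a clock hour to a coarse band, e.g. 8 -> '06-12'."""
    start = (hour // HOUR_BAND) * HOUR_BAND
    return f"{start:02d}-{start + HOUR_BAND:02d}"


def depersonalize(trips: List[Dict]) -> Dict[str, Dict]:
    """Produce the "should have" summary per driver from scrubbed trips."""
    by_driver = defaultdict(list)
    for t in trips:
        by_driver[t["driver_id"]].append(scrub(t))
    summary = {}
    for did, ts in by_driver.items():
        summary[did] = {
            "avg_distance_km": round(mean(t["distance_km"] for t in ts), 1),
            "avg_stops": round(mean(t["stops"] for t in ts), 1),
            "vehicle_class": ts[0]["vehicle_class"],
            "compliant": not any(t["speeding"] for t in ts),
            "time_bands": tuple(sorted({time_band(t["start_hour"]) for t in ts})),
        }
    return summary


def quasi_identifier(s: Dict) -> Tuple:
    """Type 2, aggregate to ambiguity: the coarse attributes an outsider could
    still join against. Distance is banded so near-identical commutes collide."""
    lo = int(s["avg_distance_km"] // DISTANCE_BAND) * DISTANCE_BAND
    return (s["vehicle_class"], s["time_bands"], f"{lo}-{lo + DISTANCE_BAND}km")


def confusable_with(driver_id: str, summary: Dict[str, Dict]) -> int:
    """How many drivers (this one included) share the driver's quasi-identifier."""
    classes = Counter(quasi_identifier(s) for s in summary.values())
    return classes[quasi_identifier(summary[driver_id])]


def k_anonymity(summary: Dict[str, Dict]) -> int:
    """Smallest equivalence class; the release is k-anonymous for this k."""
    return min(Counter(quasi_identifier(s) for s in summary.values()).values())


if __name__ == "__main__":
    released = depersonalize(RAW_TRIPS)
    for did, s in released.items():
        print(did, s, "confusable with", confusable_with(did, released))
    print("k =", k_anonymity(released))
```

With this sample Sally's summary is indistinguishable from two other permit-holding commuters, but the single fee-class long-distance driver forms a class of one, so the release as a whole is only 1-anonymous: the number of people who could be confused with Sally is a per-record property, while the smallest class is what bounds the release, which is why the notes treat "number of replaceable entities" and "number of queries" as the levers to tune.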

Depersonalization versus Anonymization

  • Process. Steps taken.
  • Not an endpoint. (Anonymization seems like an endpoint.)