Depersonalization

Context: Sally authorizes access to a "depersonalized" version of her Road Warrior travel data.

For example, the data given to London Transport

Unclassified, available data

  1. Space-time travel data, speed, time

  2. Compliance with speeding / traffic restrictions

  3. Hours/day

Should have:

  1. Average distance traveled

  2. Average # of stops/starts

  3. Vehicle classification for congestion charge (permit/fee status)

  4. Segment by segment travel

Should not have:

  1. Obvious PII

    1. Name

    2. Driver's License #

    3. Addresses

      1. home

      2. work

    4. End-to-end travel

Open Questions

  • Difference between Sally and the vehicle?

  • How are other drivers accounted for?

Types of Anonymization (as a verb)

  1. Scrubbing (removing PII)

  2. Aggregate to ambiguity (increase the # of people that could be confused with Sally)

    1. number of replaceable entities

    2. number of queries
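The two steps above, worked through in Python as an added example that is not part of these notes: scrubbing drops the "should not have" fields and the end-to-end legs, and aggregation buckets the remaining measures and counts how many drivers share the resulting profile (the ambiguity). The trip records, field names, bucket sizes and the release threshold k are all assumptions.

```python
from collections import Counter

# Constructed sample records (not real data): one trip per driver, carrying
# the direct identifiers and the full origin-to-destination route.
TRIPS = [
    {"name": "Sally", "licence": "DL-0001", "home": "12 Elm St", "work": "1 Bank St",
     "vehicle_class": "standard", "stops": 4, "km": 12.4,
     "segments": ["12 Elm St->A40", "A40->Westway", "Westway->1 Bank St"]},
    {"name": "Bob", "licence": "DL-0002", "home": "3 Oak Rd", "work": "9 Mill Ln",
     "vehicle_class": "standard", "stops": 5, "km": 13.9,
     "segments": ["3 Oak Rd->A40", "A40->Westway", "Westway->9 Mill Ln"]},
    {"name": "Chen", "licence": "DL-0003", "home": "7 Ash Ct", "work": "2 Quay St",
     "vehicle_class": "standard", "stops": 3, "km": 11.0,
     "segments": ["7 Ash Ct->A40", "A40->Westway", "Westway->2 Quay St"]},
    {"name": "Dana", "licence": "DL-0004", "home": "5 Fir Way", "work": "8 Dock Rd",
     "vehicle_class": "van", "stops": 9, "km": 31.2,
     "segments": ["5 Fir Way->M25", "M25->A3", "A3->8 Dock Rd"]},
]

PII_FIELDS = ("name", "licence", "home", "work")  # the "should not have" list

def scrub(trip):
    """Scrubbing: drop direct identifiers and the end-to-end legs (the first
    and last segments start or end at home/work); keep the middle segments."""
    out = {k: v for k, v in trip.items() if k not in PII_FIELDS}
    out["segments"] = trip["segments"][1:-1]
    return out

def generalize(trip, km_bucket=5, stop_bucket=3):
    """Aggregate to ambiguity: bucket distance and stop counts so several
    drivers collapse onto one profile (bucket sizes are assumptions)."""
    return (trip["vehicle_class"],
            int(trip["km"] // km_bucket) * km_bucket,
            int(trip["stops"] // stop_bucket) * stop_bucket,
            tuple(trip["segments"]))

def ambiguity(trips, **buckets):
    """Count how many trips share each released profile, i.e. the number of
    people who could be confused with Sally."""
    return Counter(generalize(scrub(t), **buckets) for t in trips)

def depersonalize(trips, k=2, **buckets):
    """Release only profiles shared by at least k trips; suppress the rest.
    Returns (released profiles, number suppressed)."""
    counts = ambiguity(trips, **buckets)
    profiles = [generalize(scrub(t), **buckets) for t in trips]
    released = [p for p in profiles if counts[p] >= k]
    return released, len(profiles) - len(released)
```

With these records Sally, Bob and Chen collapse onto one profile shared by three trips, while Dana's van trip is unique and is suppressed at k=2.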

Depersonalization versus Anonymization

  • Process. Steps taken.

  • Not an endpoint. (Anonymization seems like an endpoint.)