Youth Justice Board anonymised data in UK

Seems that the Youth Justice Board has built a new system (Youth Justice Board Information System, YJBIS) that generates statistical information based on so called anonymous data in the UK. We get back to that old discussion, of “how anonymous is anonymous”? Not very if you strip identifying information but in certain circumstances the data does not lose it’s anonymity. Take a look at what has been posted on ARCH blog for example concerning the YJBIS.

How anonymous is your anonymised data?

The question is how anonymous is your data once stripped of ‘personal identifying information’ (PII) when used by data aggregation companies for analysis. PII can include name, postcode, etc. I made a couple of blog posts in 2008 concerning this. According to a study led by the Children’s Hospital of Eastern Ontario, previously anonymised data were able to be correlated again from patient prescription records rending the anonymising process ineffective and a threat to patient privacy.

The extinction of anonymity?

Laws in Canada and other countries are increasingly helping technology force people to identify themselves where they never had to before, threatening privacy that allows people to function effectively in society, a new study has found.

“What we’re starting to see is a move toward making people more and more identifiable,” University of Ottawa law professor Ian Kerr said Wednesday. Read more at CBC.news…

Aggregate and anonymised data

I referred to a case in Scotland in a comment made on a post concerning IP addresses seen as personal data in Germany. In subsequent comments I mention a court case in Scotland… here is the court case I was referring to, it is taken from my book:

“Aggregate data is information that is grouped for analysis, typically stated in percentages. An example is that 87% of children use the computer regularly in Sweden. Anonymous data is information that is not personally identifiable because it is not linked directly or indirectly with any unique individual and could be that it has been stripped of unique identifiers. This can be data that has had the PII stripped to convert it into aggregate data.

How anonymous the data really is after stripping PII is open to discussion. For example in July 2008 the House of Lords overruled the Scottish Information Commissioner’s decision to allow the release of anonymised regional medical statistics, saying that the data were still private and thus covered under the UK’s Data Protection Act. The controversy stems from a request by a Scottish parliamentary researcher for leukaemia data related to children in the 0–14 years of age group from a specific postal region. The Lords’ ruling was based on the low rate of incidents, which could have made it possible to correlate the data with individuals in spite of the fact that the data had been anonymised (OUT-LAW.com 2008).”

PII is Personal Identifiable Information