When anonymous isn’t really anonymous
Some researchers — particularly inexperienced ones — find it hard to understand why Ethics Boards are sometimes so picky about data management and about the difference between “anonymous”and “confidential” data.
Here’s an interesting story from an unlikely source that gives a partial explanation. From The Ottawa Business Journal: Private eyes are watching you…electronically
Khaled El Emam says he teaches his students not to trust
in anonymous data. The University of Ottawa professor, who holds positions at a trifecta
of local institutions, routinely has his students cross-reference whatare supposed to be anonymous land registries, real estate databases and the like with phone books and the Internet.
He says it usually doesn’t take long before names start popping up – a lesson he bore in mind when developing a new medical record tool for the Children’s Hospital of Eastern Ontario (CHEO).
In Canada, while there are provincial laws to protect personal health information, these protections do not apply to data that have been “anonymized”. If, however, the data have not been adequately stripped of potential identifiers in the first place, this leaves nothing in place for protection. And that doesn’t mean removing only names and birthdates from data sets. Even the first three letters in a postal code can help to potentially identify someone. This story highlights both how useful aggregated health-data can be to researchers, but also how easy it can be to de-anonymize data that hasn’t been carefully anonymized in the first place.