Privacy risks

9.1. What are toxic pairs?

Toxic pairs are unusual combinations of attributes that could yield clues to someone’s identity. Maybe each item alone is unremarkable, but the combination is remarkable. More on toxic pairs here.

9.2. Can you really identify most people from their zipcode, date of birth, and sex?

Yes. Latanya Sweeney demonstrated this in 1997 by providing the then-governor of Massachusetts William Weld with medical records she obtained by knowing Weld’s zipcode and birth date.

More on how easily people can be identified based on this information here.

9.3. Does an expired credit card tell you anything about the former cardholder?

The credit card number shows what bank you were using, which may well be your current bank. It may also reveal the first few digits of your new credit card number. More on that here.

9.4. Is your personal data safe with a company that promises not to sell it?

Given how frequently companies inadvertently give your data to hackers, it may not matter whether they keep their promise to never sell the data.

Aside from being hacked, companies have ways of getting around promises not to sell your data. For example, they may barter your data, trading it to another company for some kind of compensation other than cash. The company who got the data in the trade may then sell it unless that was prohibited.

9.5. Is there any privacy risk in revealing the last four digits of your SSN?


9.6. How can missing data be an identification risk?

In some cases the missing data may be filled in by logical inference.

9.7. What can go wrong if an ID number is computed from personal data?

US states used to compute your drivers license number from other personal information. This made it possible to either compute your drivers license number or use your drivers license number to infer other data. More on this here.

States no longer do this, but other government agencies or private companies might. Presumably some do. Computing IDs sounds like a good idea; a generation ago a lot of people thought it was a good idea and saw no problem with it. Surely not everyone has learned from the mistakes of the past.

9.8. Can you identify someone from medical images?

This is a difficult question because it depends on context. Medical textbooks are filled with images that presumably do not compromise anyone’s identity. But if a small set of images is known to belong to a small set of people, it might be possible for someone to match some images to some people.

In general it can be hard to identify people from medical data. See, for example, this article on attempting to identify people from electrocardiogram data.

On the other hand, something like a fitness tracker could give clues to a person’s identity.

9.9. What can go wrong with posting photos?

Photos can contain a large amount of metadata, such as EXIF (Exchangeable Image File Format) metadata. In addition, you’d be surprised what location clues are in a seemingly innocuous photo. There are people who have a hobby of identifying locations from photos from clues in the background.

9.10. How can trying to protect your privacy backfire?

This is known as the Streisand Effect.



Trusted consultants to some of the world’s leading companies

Amazon, Facebook, Google, US Army Corp of Engineers, Amgen, Microsoft, Hitachi Data Systems