A Q&A with the Commissioner: Big Data and Privacy
Health Research: Big Data, Health Research Yes! Personal Data No!
Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada
THE AGE OF BIG DATA, OPEN DATA AND PRIVACY
- Big Data: Yes
- Open Data: Yes
- Personal Data: No
BIG DATA
- Each day we create 2.5 quintillion bytes of data; 90% of the data today has been created in the past 2 years.
- Big data analysis and data analytics promise new opportunities to gain valuable insights and benefits (e.g., improved load management, better asset management, new programs and services, etc.).
- However, it can also enable expanded surveillance, on a scale previously unimaginable.
- This situation cries out for a positive-sum solution, a win-win strategy: what is needed is Big Data and Big Privacy!
PRIVACY BY DESIGN IN THE AGE OF BIG DATA
- The Big Difference with Big Data
- Sensemaking Systems
- Privacy by Design in the Age of Big Data
- The Creation of a Big Data Sensemaking System through PbD
DATA MINIMIZATION AND DE-IDENTIFICATION
DATA MINIMIZATION
- Data minimization is the most important safeguard in protecting personal health information, including for health research and data analysis.
- Ontario's PHIPA prohibits health care providers from collecting, using or disclosing personal health information if other information (such as de-identified or anonymized information) will serve the purpose.
- It also prohibits health care providers from collecting, using or disclosing more personal health information than is reasonably necessary to meet the purpose.
DISPELLING THE MYTHS ABOUT DE-IDENTIFICATION
- The claim that de-identification has no value in protecting privacy due to the ease of re-identification is a myth.
- If proper de-identification techniques and re-identification risk management procedures are used, re-identification becomes a very difficult task.
- While there may be a residual risk of re-identification, in the vast majority of cases de-identification will strongly protect the privacy of individuals when additional safeguards are in place.
DATA DE-IDENTIFICATION TOOL
- Developed by Dr. Khaled El Emam, Canada Research Chair in Electronic Health Information.
- A de-identification tool that minimizes the risk of re-identification based on:
  - the low probability of re-identification;
  - whether mitigation controls are in place;
  - the motives and capacity of the recipient;
  - the extent to which a breach invades privacy.
- Simultaneously maximizes privacy and data quality while minimizing distortion to the original database.
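A worked example of the first factor on this slide, the probability of re-identification, added here and not taken from the Commissioner's slides or from Dr. El Emam's tool. It measures risk from equivalence classes over quasi-identifiers (the k-anonymity view: the smallest class bounds the risk for the most exposed record) and walks a generalization ladder for date of birth and postal code until a target k is met. The records, field names and ladder are constructed for illustration.

```python
from collections import Counter

# Constructed sample extract (made up for this example). Quasi-identifiers are
# date of birth, postal code and sex; "diagnosis" is the attribute the researcher needs.
RECORDS = [
    {"dob": "1970-03-14", "postal": "M4W 1A8", "sex": "F", "diagnosis": "E11"},
    {"dob": "1970-08-02", "postal": "M4W 2B3", "sex": "F", "diagnosis": "I10"},
    {"dob": "1985-11-02", "postal": "M5V 2T6", "sex": "M", "diagnosis": "J45"},
    {"dob": "1985-01-19", "postal": "M5V 1K9", "sex": "M", "diagnosis": "E11"},
    {"dob": "1992-07-30", "postal": "K1A 0B1", "sex": "F", "diagnosis": "F32"},
    {"dob": "1993-02-11", "postal": "K1A 0G4", "sex": "F", "diagnosis": "J45"},
    {"dob": "1960-05-05", "postal": "M4W 1A8", "sex": "M", "diagnosis": "I10"},
    {"dob": "1961-12-25", "postal": "M4W 3C7", "sex": "M", "diagnosis": "E11"},
]
QUASI_IDENTIFIERS = ("dob", "postal", "sex")

# Constructed generalization ladder, least to most aggressive: how much of the
# date of birth to keep and how many characters of the postal code to keep.
LADDER = [("full", 6), ("year", 3), ("decade", 3), ("decade", 1)]


def equivalence_classes(records, keys):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def reidentification_risk(records, keys):
    """Risk from class sizes: max risk is 1/k for the smallest class (the most
    exposed record); average risk is number of classes divided by records."""
    classes = equivalence_classes(records, keys)
    k = min(classes.values())
    return {"k": k, "max_risk": 1 / k, "avg_risk": len(classes) / len(records)}


def generalize(record, dob_level, postal_chars):
    """Coarsen one record: dob to year or decade, postal code truncated."""
    out = dict(record)
    year = record["dob"][:4]
    if dob_level == "year":
        out["dob"] = year
    elif dob_level == "decade":
        out["dob"] = year[:3] + "0s"
    out["postal"] = record["postal"].replace(" ", "")[:postal_chars]
    return out


def deidentify(records, k_target, ladder=LADDER):
    """Apply the first ladder level whose smallest class meets k_target.
    Returns (generalized_records, level, risk), or None if no level suffices,
    in which case record suppression or a coarser ladder is needed."""
    for dob_level, postal_chars in ladder:
        gen = [generalize(r, dob_level, postal_chars) for r in records]
        risk = reidentification_risk(gen, QUASI_IDENTIFIERS)
        if risk["k"] >= k_target:
            return gen, (dob_level, postal_chars), risk
    return None


if __name__ == "__main__":
    print("raw extract:", reidentification_risk(RECORDS, QUASI_IDENTIFIERS))
    result = deidentify(RECORDS, k_target=2)
    if result:
        gen, level, risk = result
        print("level", level, "gives", risk)
        for row in gen:
            print(row)
    print("k=3 reachable by generalization alone:", deidentify(RECORDS, 3) is not None)
```

The raw extract has every record in a class of its own (k = 1, maximum risk 1.0); keeping only the decade of birth and the first three postal characters brings every class to size 2, and because each record still carries its diagnosis the dataset stays useful for analysis. Asking for k = 3 returns None on this small sample, which is the point of the slide's other factors: where generalization alone cannot drive the probability low enough, the residual risk has to be managed by controls on the recipient rather than by further distorting the data.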
EVIDENCE THE TOOL WORKS
- Dr. El Emam was approached to create a longitudinal public use dataset using his de-identification tool for the purposes of a global data mining competition, the Heritage Health Prize.
- Participants in the Heritage Health Prize competition were asked to predict, using de-identified claims data, the number of days patients would be hospitalized in a subsequent year.
- Before releasing the dataset created using Dr. El Emam's tool, the de-identified dataset was subjected to a strong re-identification attack by a highly skilled expert.
- The expert concluded the dataset could not be re-identified: Dr. El Emam's de-identification tool was highly successful!
EVIDENCE THAT RE-IDENTIFICATION IS EXTREMELY DIFFICULT
- A literature search by Dr. El Emam et al. identified 14 published accounts of re-identification attacks on de-identified data.
- A review of these attacks revealed that one quarter of all records and roughly one-third of health records were re-identified.
- However, Dr. El Emam found that only 2 out of the 14 attacks were made on records that had been properly de-identified using existing standards.
- Further, only 1 of the 2 attacks had been made on health data, resulting in a very low re-identification rate of 0.013%.
DATA MINIMIZATION FOR RECORD LINKAGES
- Dr. El Emam has also developed a protocol for securely linking databases without sharing any identifying information.
- The protocol uses an encryption system to identify and locate records relating to an individual that exist in multiple datasets.
- This involves encrypting personal identifiers in each dataset and comparing only the encrypted identifiers, using mathematical operations, resulting in a list of matched records without revealing any personal identifiers.
- The protocol promotes compliance with the existing prohibitions in PHIPA by allowing linkages of datasets without the disclosure of any identifying information: a win/win solution, positive-sum!
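The slide does not name the encryption system Dr. El Emam's protocol uses, so the following is an added illustration of the general idea rather than his protocol: each custodian normalizes its identifiers, computes a keyed hash (HMAC-SHA256, assumed here) over them with a key the two custodians share but the linking party does not, and sends the linker only tokens and local record ids. The linker intersects tokens and returns matched id pairs, after which each side contributes only its non-identifying fields. The two datasets, the key value and the field names are constructed for this example.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample data (made up for this example): a hospital and a lab each
# hold records about overlapping individuals, entered with different formatting.
HOSPITAL = [
    {"id": "H-1", "name": "Alice Munro", "dob": "1970-03-14", "postal": "M4W 1A8", "days_admitted": 3},
    {"id": "H-2", "name": "Bob  Chan", "dob": "1985-11-02", "postal": "M5V 2T6", "days_admitted": 0},
    {"id": "H-3", "name": "Carol Díaz", "dob": "1992-07-30", "postal": "K1A 0B1", "days_admitted": 7},
]
LAB = [
    {"id": "L-9", "name": "alice munro", "dob": "1970-03-14", "postal": "m4w1a8", "a1c": 6.1},
    {"id": "L-7", "name": "Dan Okafor", "dob": "1979-01-19", "postal": "M5V 2T6", "a1c": 5.4},
    {"id": "L-4", "name": "CAROL DIAZ", "dob": "1992-07-30", "postal": "K1A 0B1", "a1c": 7.2},
]

# Secret shared by the two custodians only, never given to the linking party.
# Constructed value; a real deployment generates it randomly, per linkage project.
SHARED_KEY = b"constructed-example-key-not-for-production"


def normalize(value: str) -> str:
    """Canonical form so formatting differences do not break matching:
    strip accents, drop whitespace and punctuation, lower-case."""
    decomposed = unicodedata.normalize("NFKD", value)
    no_accents = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(ch for ch in no_accents if ch.isalnum()).lower()


def linkage_token(key: bytes, record: dict) -> str:
    """Keyed hash over the normalized identifiers. Only this token leaves the
    custodian; the name, date of birth and postal code never do."""
    fields = "|".join(normalize(record[f]) for f in ("name", "dob", "postal"))
    return hmac.new(key, fields.encode("utf-8"), hashlib.sha256).hexdigest()


def tokenize(key: bytes, dataset: list) -> dict:
    """What a custodian sends to the linker: token -> its own local record id."""
    return {linkage_token(key, rec): rec["id"] for rec in dataset}


def link(tokens_a: dict, tokens_b: dict) -> list:
    """Run by the linking party, which sees only tokens and local ids.
    Returns matched (id_a, id_b) pairs."""
    return sorted((tokens_a[t], tokens_b[t]) for t in tokens_a.keys() & tokens_b.keys())


def analysis_rows(pairs: list, hospital: list, lab: list) -> list:
    """Each custodian contributes only the non-identifying fields for matched ids."""
    by_h = {r["id"]: r for r in hospital}
    by_l = {r["id"]: r for r in lab}
    return [{"days_admitted": by_h[a]["days_admitted"], "a1c": by_l[b]["a1c"]} for a, b in pairs]


if __name__ == "__main__":
    pairs = link(tokenize(SHARED_KEY, HOSPITAL), tokenize(SHARED_KEY, LAB))
    print("matched id pairs:", pairs)
    print("analysis rows:", analysis_rows(pairs, HOSPITAL, LAB))
```

Two design points matter for the privacy claim. The key is what stops the linker from recovering identifiers: names, dates of birth and postal codes are low-entropy, so an unkeyed hash could be reversed by hashing candidate values and comparing, whereas a keyed hash cannot be evaluated without the key. And the key should be specific to one linkage project, so tokens produced for one study cannot be used to chain records across studies. Deterministic tokens only match after exact normalization; tolerating typos needs a different encoding, which is outside this example.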
HOMOMORPHIC ENCRYPTION
- A form of encryption that allows computations to be carried out on encrypted data to obtain an encrypted result.
- "Homomorphic" describes the transformation of one dataset into another while preserving relationships between data elements in both sets.
- Homomorphic encryption allows you to make computations or engage in data analytics on encrypted values: data you cannot read because it is not in plain text, and is therefore inaccessible.
- May also be used to link two or more databases without the disclosure of any unique identifiers: positive-sum, win/win.
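An added example, not from the slides, of the first three points: a toy additively homomorphic scheme (Paillier, chosen here because the slide names no particular scheme) in which a custodian encrypts per-patient values, an analyst holding only the public key sums and scales the ciphertexts without being able to read them, and only the key holder decrypts the result. The primes are the 10,000th and 100,000th primes, constructed for readability; real keys use primes of 1024 bits or more, and the patient values are made up.

```python
import math
import secrets

# Toy key material: the 10,000th and 100,000th primes. Constructed for
# illustration only; real Paillier keys use primes of 1024 bits or more.
P, Q = 104729, 1299709


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy-sized constants above."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def keygen(p: int = P, q: int = Q):
    """Return (public_key, private_key): public = (n, n^2), private = (lambda, mu).
    Uses the common simplification g = n + 1."""
    assert is_prime(p) and is_prime(q) and p != q
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    assert math.gcd(n, lam) == 1
    mu = pow(lam, -1, n)  # modular inverse of lambda, valid because g = n + 1
    return (n, n * n), (lam, mu)


def encrypt(pub, m: int) -> int:
    """Randomized encryption: the same value encrypts differently each time."""
    n, n2 = pub
    assert 0 <= m < n, "plaintext must be smaller than n"
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n2) % n2  # g^m * r^n mod n^2 with g = n + 1


def decrypt(pub, priv, c: int) -> int:
    """Only the holder of (lambda, mu) can do this."""
    n, n2 = pub
    lam, mu = priv
    l_value = (pow(c, lam, n2) - 1) // n  # L(x) = (x - 1) / n
    return l_value * mu % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Product of ciphertexts decrypts to the sum of the plaintexts."""
    return c1 * c2 % pub[1]


def scale_encrypted(pub, c: int, k: int) -> int:
    """Ciphertext raised to k decrypts to k times the plaintext."""
    return pow(c, k, pub[1])


def sum_ciphertexts(pub, ciphertexts) -> int:
    """What an analyst with only the public key computes: the encrypted total.
    Starts from 1, which is the encryption of 0 with r = 1."""
    total = 1
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


if __name__ == "__main__":
    pub, priv = keygen()
    days = [3, 0, 7, 12]  # constructed per-patient hospital days, held by the custodian
    ciphertexts = [encrypt(pub, d) for d in days]  # custodian encrypts
    c_total = sum_ciphertexts(pub, ciphertexts)  # analyst sums without the private key
    print("analyst sees e.g.", c_total)
    print("key holder recovers total days:", decrypt(pub, priv, c_total))
```

The property that makes the analytics possible (anyone with the public key can combine ciphertexts) also means ciphertexts are malleable, so in a real deployment the integrity and origin of encrypted inputs must be protected separately, for example by signing them, and the party holding the private key must decide which results it is willing to decrypt.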
SECURE DATA ANALYTICS ON THE CLOUD
- The Value of De-identification
- Challenges in Re-identifying De-identified Information
- De-identification in the Context of Privacy Laws
- Re-identification Risk Assessment
CONCLUDING THOUGHTS
- Make privacy a priority: ensure that privacy is embedded into your systems and operational processes, into your business practices.
- It is easier and far more cost-effective to build in privacy up-front, rather than after-the-fact.
- Privacy risks are best managed by proactively embedding the principles of Privacy by Design.
- Get smart: lead with Privacy by Design, not privacy by chance or, worse, Privacy by Disaster!
HOW TO CONTACT US
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada M4W 1A8
Phone: (416) / Web:
For more information on Privacy by Design, please visit: