“Mortgages, Privacy, and Deidentified Data” Professor Peter Swire Ohio State University Center for American Progress Consumer Financial Protection Bureau.

Presentation transcript:

“Mortgages, Privacy, and Deidentified Data” Professor Peter Swire Ohio State University Center for American Progress Consumer Financial Protection Bureau Conference on “New Research on Sustainable Mortgages & Access to Credit” October 6, 2011

Overview
- Federal experience to date with deidentification (“DeID”)
- Why DeID technically harder over time
- Technical & administrative measures to protect identity
- Court records: public records and privacy
- Conclusion: Technology alone often cannot succeed, so the choice becomes make public, keep private, or create effective data use agreements

Federal DeID to Date
- 2000 HIPAA rule
  - Recognized reidentification (“ReID”) is possible
  - Can scrub 18 data fields; or expert testifies have “very small” risk of ReID
  - Current HHS study in progress on DeID – similar issues to financial data
- Data.gov
  - Administration push for transparency
  - Privacy & DeID more challenging than many had hoped
- Census data
  - History of census data sensitivity, required data collection
  - Suppress small cell size; technical limits on researchers’ access

Why DeID is Harder over Time
- Two tech trends
- Search vastly improved: Google incorporated in 1999
- Increase in (almost) unique publicly available facts
- Mortgages
- Street View of each house -- pictures
- Public records and likely market values & date of sale of each house
- Social networks, blogs, marketing information available for purchase:
  - “We got our new house today, and Bank X did a great/lousy job”
- How hard for forensic, automated efforts to reID?
- Sweeney “K-anonymity” and can shrink “deID mortgage” to one or a few properties

Technical Measures
- Technical measures to DeID may:
- Be subject to ReID (previous slide);
- Introduce noise to data; or
- Both
- Add noise (or subtract signal)
- Census approach
  - Public data set, suppress small cell size, lots of noise; or
  - Researchers can run regressions using somewhat better data
- Cynthia Dwork’s “differential privacy” (Microsoft Research)
  - Limits queries into database based on tolerance for ReID
- Agrawal and other IBM research
  - “Hippocratic Database” adds noise with goal of allowing analysis but minimizing risk of linkage
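An added example, not from the original slides: a data custodian's pre-release check that measures k-anonymity over a deidentified mortgage extract and applies the two measures the slides name, subtracting signal (coarsening the sale date) and suppressing small cells. The records, field names and choice of quasi-identifiers are constructed assumptions.

```python
from collections import Counter

# Constructed sample: a "deidentified" mortgage extract (no names or addresses).
# Field names and values are assumptions made for this example.
RECORDS = [
    {"zip": "43201", "sale_month": "2011-03", "price_band": "200-250k", "rate": 4.9},
    {"zip": "43201", "sale_month": "2011-03", "price_band": "200-250k", "rate": 5.1},
    {"zip": "43201", "sale_month": "2011-04", "price_band": "200-250k", "rate": 5.0},
    {"zip": "43202", "sale_month": "2011-03", "price_band": "450-500k", "rate": 4.6},
    {"zip": "43202", "sale_month": "2011-05", "price_band": "300-350k", "rate": 4.8},
    {"zip": "43202", "sale_month": "2011-06", "price_band": "300-350k", "rate": 4.7},
]
# Fields that also appear in public records and so allow linkage.
QUASI_IDS = ("zip", "sale_month", "price_band")

def cell_sizes(records, quasi_ids):
    """Count records sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def k_anonymity(records, quasi_ids):
    """Smallest cell size; k == 1 means some record is unique on these fields."""
    sizes = cell_sizes(records, quasi_ids)
    return min(sizes.values()) if sizes else 0

def generalize_month_to_year(records):
    """Subtract signal: coarsen sale_month 'YYYY-MM' to 'YYYY'."""
    return [{**r, "sale_month": r["sale_month"][:4]} for r in records]

def suppress_small_cells(records, quasi_ids, k):
    """Drop every record whose cell holds fewer than k records."""
    sizes = cell_sizes(records, quasi_ids)
    return [r for r in records if sizes[tuple(r[q] for q in quasi_ids)] >= k]

def release_report(records, quasi_ids, k):
    """Show what reaching threshold k costs in dropped records."""
    coarse = generalize_month_to_year(records)
    kept = suppress_small_cells(coarse, quasi_ids, k)
    return {"k_raw": k_anonymity(records, quasi_ids),
            "k_coarse": k_anonymity(coarse, quasi_ids),
            "kept": len(kept), "dropped": len(records) - len(kept),
            "k_released": k_anonymity(kept, quasi_ids)}

if __name__ == "__main__":
    print(release_report(RECORDS, QUASI_IDS, k=2))
```

The result only holds for the quasi-identifiers listed: any other released field that can be matched against public records has to be added to `QUASI_IDS` before the check means anything.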

Administrative Measures
- HIPAA data use agreements
- Agreements apply to a “limited data set”, with obvious identifiers (name, address) stripped out
- Data use agreement
  - Contractual guarantees to use data only for limited purposes, such as research
  - Promise to use appropriate safeguards on data
  - Promise not to reID the data
- 2009 CDT conference report on DeID and health data emphasized importance of administrative safeguards

Public Records & Privacy
- Court records have been the subject of intense study on tradeoffs of public records and privacy
  - Strong reasons for public access
  - Privacy: juvenile court, financial account info, etc.
- Annual Williamsburg conference, each November
- Many state task forces on subject

Conclusion
- Some records are or should be public
- Some records are or should be private
- Ability to ReID is large and growing
  - Technical measures to mask exist but are limited in applicability
  - Administrative measures often essential for researchers to get meaningful results
- Technology alone often cannot succeed, so the choice becomes make public, keep private, or create effective data use agreements