Big Data – Why Anonymisation of data fails – Ross Anderson Cambridge University
Today I gave a talk at the Open Data Institute on a catastrophic failure of anonymity in medical research. Here’s the audio and video, and here are the slides.
Three weeks ago we made a formal complaint to the ICO about the Department of Health supplying a large amount of data to PA Consulting, who uploaded it to the Google cloud in defiance of NHS regulations on sending data abroad. This follows several other scandals over NHS chiefs claiming that hospital episode statistics data are anonymous and selling it to third parties, when it is nothing of the kind.
Yesterday the Department of Health disclosed its Register of Approved Data Releases which shows that many organisations in both the public and private sectors have been supplied with HES data over the past year. It’s amazing how many of them are marked “non sensitive”: even number 408, where Imperial College got data with the with HESID (which includes postcode or NHS number), date of birth, home address, and GP practice. How officials can maintain that such data does not identify individuals is beyond me.
Why anonymity fails – Ross Anderson (Cambridge University)
Take away message
Basically it is impossible to anonymise health data. (Which is the point Ross Anderson has made, in his lecture).
The NHS are claiming that your medical records (including your date of birth and postcode) are “anonymised” data.
So the NHS claims that we cannot tell the difference between a 92 year old, and a 2 year old… Ask any 4 year old, and they could of course tell the difference.
This is utter nonsense from the government. You. cannot. anonymise. medical. data.
No more nonsense from the NHS or government.