NHS email encryption
Ian G Batten
ukcrypto at chiark.greenend.org.uk
Fri, 31 Aug 2007 12:11:49 +0100
On 31 Aug 2007, at 09:43, PeteM wrote:
> Ian G Batten wrote:
>>>
>>> past medical history, drug history and
>>>> allergies is plenty to identify most people down to single figures,
>>>
>>> These items cannot be used to identify a subject - i.e. discover
>>> his name and address - because each particular (named)
>>> individual's drug history is not in the public domain, unlike his
>>> age, sex, address etc.
>>>
>> I'd take evens on someone who knows how to read a set of records
>> being able to identify an individual given a drug history, a
>> postcode and electoral roll information for the residents of that
>> postcode. For women, I'd take 2/1 on: the drug history's going to
>> identify the pattern of children they've had.
>
> Perhaps, but the drug history is useless without the full postcode.
> What you're showing is what a dangerous piece of information the
> postcode is when used in inference attacks.
Exactly. I'd suggest that full post code plus one fact which has at
least 10 discrete common values will produce a target set of only a
handful of people, and two such facts will be unique.
>
> There are only 36 addresses that match my postcode, and at an
> average occupancy of 3 that narrows it down to only 100 people.
There are only 10 for mine, totalling 19 adults and 12 children (two
of the children may have turned 18 this year: my point stands). For
the adults, age+sex is a unique key, for the children pretty close to
it (there's one clash). Height, weight, month of birth, age, nature
of highest educational qualification: pretty well any one of those
will yield a target set of only two or three people, and any two of
them are unique.
ian