Targeted junkmail "from" your GP?
Brian Gladman
ukcrypto at chiark.greenend.org.uk
Mon, 30 Jun 2008 09:03:01 +0100
----- Original Message -----
From: "Peter Fairbrother" <zenadsl6186@zen.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Monday, June 30, 2008 1:59 AM
Subject: Re: Targeted junkmail "from" your GP?
> Ben Laurie wrote:
>> Wendy M. Grossman wrote:
>>> Roland Perry wrote:
>>>
>>>> I have no idea what they are proposing to do, but in principle it would
>>>> be relatively straightforward for them to have anonymised patient
>>>> records, and then send a message back to the NHS saying "please forward
>>>> the following invitation to patient number XYZ", where only the NHS/PCT
>>>> etc knows that patient's name or address. They could even send the
>>>> invite to the patient's GP, who could then call the patient in to
>>>> discuss the issue.
>>>
>>> Research indicates that re-identifying supposedly anonymized records is
>>> not all that difficult.
>>
>> That's a rather broad generalisation. What research shows is that you
>> have to be very careful when you anonymise records - merely removing the
>> name and address _may_ not be sufficient.
>>
>
> This is a matter of opinion, but I'd go with Wendy.
So do I.
I have spent a fair amount of time researching how to implement inference
controls on relational databases and it very often transpires that the
effective prevention of inferences results in a database that is no longer
capable of supporting its intended functions. This drives us back to
procedural controls on data use and, as we know, these are pretty
ineffective (in both the public and private sectors).
Brian Gladman