MIT Sloan Management Review Article on Preserving Privacy While Sharing Data

As organizations increasingly seek to exploit data, both for internal use and for sharing with partners in digital ecosystems, they face more laws mandating stronger consumer privacy protections. Unfortunately, traditional approaches to safeguarding confidential information can fail spectacularly, exposing organizations to litigation, regulatory penalties, and reputational risk.

Since the 1920s, statisticians have developed a variety of methods to protect the identities and sensitive details of individuals whose information is collected. But recent experience has shown that even when names, Social Security numbers, and other identifiers are removed, a skilled hacker can take the redacted records, combine them with publicly available information, and reidentify individual records or reveal sensitive information, such as the travel patterns of celebrities or government officials.

About the Author

Simson L. Garfinkel is the senior data scientist in the Office of the Chief Information Officer at the U.S. Department of Homeland Security, a part-time faculty member in the data science program at George Washington University, and a member of the Association for Computing Machinery’s U.S. Technology Public Policy Committee. This article was written in his personal capacity and does not reflect the official policy of DHS. Claire McKay Bowenfocuses on data privacy and confidentiality as principal research associate at the Urban Institute. Both authors formerly worked on privacy initiatives at the U.S. Census Bureau.