Sensitive Data Discovery
data definition and discovery process
When a person is tasked with data anonymization, the first thing they do is try to understand which subset of the data needs to be addressed with masking. So the first question is: what is sensitive data?
the definition
The term "Sensitive Data", or "PII" (personally identifiable information), or "PHI" (protected health information) in healthcare, stands for data that describes a person in a specific way, through certain attributes. Knowing the values of these attributes allows other people to re-identify that specific person among all others.
For example, knowing a person's Social Security Number allows one to learn a great deal about them: the SSN is unique and is used in many systems over the course of that person's life. In the wrong hands, an SSN value can lead to fraudulent credit card applications, fraudulent medical claims, and exposure of information about students.
fraud
There is a black market for stolen PII. Each element has its own price, for the very reason that it helps earn money in illegal ways. Besides commercial vendors, the FBI and other government law enforcement entities take the issue very seriously, and people committing fraud get harsh sentences.
privacy
Even without fraudulent intentions, compromising someone's privacy is not desirable. It is quite possible that a person would not want their employer, neighbours and sometimes even family members to find out about their health issues (https://www.fbi.gov/news/stories/2012/november/estate-planner-victimized-terminally-ill). The recent theft of data about extramarital affairs from Ashley Madison's site exposed a lot of people, and no matter how questionable those people's ethics or behavior was, it cost many ruined careers and even suicides (https://en.wikipedia.org/wiki/Ashley_Madison_data_breach#Impact_and_ethics).
PII domain
So let's consider how we define the domain of sensitive data in terms of a person's privacy and de-identification.
Common sense dictates that the more an attribute contributes to the unique description of a person or company, the more important it is. Common sense also dictates that there will be some unique identifiers (either biological or societal), and that there will also be combinations of non-unique identifiers that together describe a person or a company uniquely.
This concept, well popularized by Dr. Khaled El Emam in his book and site, has much deeper roots, namely in Codd and Date's definitions of domains and keys. The notion of uniqueness has been known in computer science for fifty or so years through the normalization rule that "[every] non-key [attribute] must provide a fact about the key, the whole key, and nothing but the key". Applying that rule to the domain of the person provides the core of a Personally Identifiable Information model. All the concepts of k-anonymity, l-diversity and t-closeness have their roots in the definition of a unique key.
Unique identifiers
While SSN, passport number and driver's license number are identifiers with guaranteed uniqueness in the societal domain, fingerprints, irises and genetic codes are considered unique enough in the domain of biological markers.
The health industry defined the minimum set of attributes that make up such a domain in its "Safe Harbor" list of attributes. The process of defining such a domain is called "sensitive data discovery", and currently it is defined in terms of discovering data in systems across the enterprise.
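To make the two ideas above concrete, the unique identifiers of the societal domain and the combinations of non-unique attributes that act as a key on the person domain, here is a small worked example. It is added here and is not part of the original article or of any product it describes. It runs over a constructed table of fictional records; the SSN structural check relies on the Social Security Administration's never-issued ranges (area 000, 666 and 900-999, group 00, serial 0000), and the three quasi-identifier columns (ZIP, birth year, gender) are an assumed starting point for the kind of review a Safe Harbor style discovery would do.

```python
import re
from collections import Counter
from itertools import combinations

# Constructed sample table (fictional people, made-up values) standing in for
# a data set a discovery job would scan. One SSN is left blank on purpose so
# the column check below has to cope with missing values.
RECORDS = [
    {"name": "A. Rivera", "ssn": "123-45-6789", "zip": "02139", "birth_year": 1984, "gender": "F", "diagnosis": "asthma"},
    {"name": "B. Chen",   "ssn": "234-56-7890", "zip": "02139", "birth_year": 1984, "gender": "M", "diagnosis": "none"},
    {"name": "C. Okafor", "ssn": "",            "zip": "02139", "birth_year": 1975, "gender": "F", "diagnosis": "diabetes"},
    {"name": "D. Novak",  "ssn": "345-67-8901", "zip": "10001", "birth_year": 1984, "gender": "F", "diagnosis": "none"},
    {"name": "E. Haddad", "ssn": "456-78-9012", "zip": "10001", "birth_year": 1975, "gender": "M", "diagnosis": "hypertension"},
    {"name": "F. Silva",  "ssn": "567-89-0123", "zip": "10001", "birth_year": 1975, "gender": "F", "diagnosis": "none"},
    {"name": "G. Patel",  "ssn": "678-90-1234", "zip": "02139", "birth_year": 1975, "gender": "M", "diagnosis": "asthma"},
    {"name": "H. Muller", "ssn": "789-01-2345", "zip": "10001", "birth_year": 1984, "gender": "M", "diagnosis": "none"},
]

# Area-group-serial layout; the dashes are optional because exports often drop them.
SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")


def looks_like_ssn(value):
    """Structural check for a US SSN. The SSA never issues area numbers 000,
    666 or 900-999, group number 00, or serial number 0000, so those are
    rejected. A match is a strong hint, not proof, that a column holds SSNs."""
    m = SSN_RE.match(str(value).strip())
    if not m:
        return False
    area, group, serial = m.groups()
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_direct_identifier_columns(records, threshold=0.8):
    """Columns in which at least `threshold` of the values pass the SSN check.
    A ratio rather than an all-or-nothing test tolerates blanks and typos."""
    flagged = []
    for col in records[0].keys():
        hits = sum(looks_like_ssn(r.get(col, "")) for r in records)
        if hits / len(records) >= threshold:
            flagged.append(col)
    return flagged


def min_group_size(records, columns):
    """The k of a column set: the size of the smallest group of records that
    share the same values in those columns. k == 1 means the combination
    acts as a key on the person domain and re-identifies at least one person."""
    groups = Counter(tuple(r[c] for c in columns) for r in records)
    return min(groups.values())


def find_quasi_identifier_keys(records, candidate_columns, max_size=3):
    """Every combination of up to `max_size` candidate columns whose values
    are unique for some record (k == 1): the non-unique attributes that
    together describe a person uniquely."""
    keys = []
    for n in range(1, max_size + 1):
        for combo in combinations(candidate_columns, n):
            if min_group_size(records, combo) == 1:
                keys.append(combo)
    return keys


if __name__ == "__main__":
    print("direct identifier columns:", find_direct_identifier_columns(RECORDS))
    quasi = ["zip", "birth_year", "gender"]
    for n in range(1, 4):
        for combo in combinations(quasi, n):
            print(f"k for {combo}: {min_group_size(RECORDS, combo)}")
    print("re-identifying combinations:", find_quasi_identifier_keys(RECORDS, quasi))
```

On this sample, the SSN column is flagged even with a blank value, while name, ZIP, birth year and gender are not. The k computation shows the "whole key" idea from the passage above: each quasi-identifier alone leaves groups of four, any pair leaves groups of two, and all three together single out every person. In a discovery run, that last result is what turns three harmless-looking columns into masking targets alongside the SSN.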