Tuesday, March 26, 2013

A FOI practitioner's view of DPA/privacy

Whenever I say that I know almost nothing about DP and anonymisation, work and FOI colleagues laugh this off. Of course, I know loads about section 40 of the FOIA and of course, I have done loads of cases where I have made judgements about release of data relating to individuals (whether remuneration of senior staff or, in an 'anonymised' form, healthcare stats). I have read the ICO guide on anonymisation. Studied for hours the Department of Health case where abortion stats for young people were requested, which ended up in court.

And that is what is significant. A few days ago I would have written "...anonymised form..." rather than what I have only just learnt (in this respect, I seem to be years behind everyone else) should be "...'anonymised' form...".

Although I have heard privacy experts rumble on about the horrors and dangers of releasing data without what looks like identifiers, I have never really understood what they were talking about - which is my fault - I should have read something to understand the basics.

Now that I have, my faith in anonymisation has been shaken.

I hope people do throw rotten cabbages and tomatoes at me - I should have learnt this a long time ago. But it seems to be a secret, at least, among my peers who practice FOI but also know little of DP and privacy: you cannot really anonymise personal data in a useful way.

The article that I read, that was referred to by Professor Douwe Korff, at a recent National Association of Data Protector Officers (NADPO) seminar was Paul Ohm's 'Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization'.

In this paper, which is available here, Ohm refers to data administrators and their faith in anonymisation. He then shows the dangers.

When I handled a FOI about abortion stats, colleagues from neighbouring organisations shuddered at the thought of releasing the data. I spent most of a month arguing with them but they had no arguments to give, as they seemed to know even less about it than me - they seemed to think that it would not be safe, but nothing more rooted in reason. At the end of the day, we did not release the data, but not for any good reason that I was aware of.

I am so glad that I followed the line of people that I did not really believe.

So, for you FOI practitioners out there, who routinely spend time managing the release of data, if you are anything like me, please read Ohm's paper and take, as I have done, the first few steps towards understanding the dangers.