Quasi-identifier

From Wikipedia, the free encyclopedia

Quasi-identifiers are pieces of information that are not of themselves unique identifiers, but are sufficiently well correlated with an entity that they can be combined with other quasi-identifiers to create a unique identifier.[1]

Quasi-identifiers can thus, when combined, become personally identifying information. This process is called re-identification. As an example, Latanya Sweeney has shown that even though neither gender, birth dates nor postal codes uniquely identify an individual, the combination of all three is sufficient to identify 87% of individuals in the United States.[2]

The term was introduced by Tore Dalenius in 1986. [3] Since then, quasi-identifiers have been the basis of several attacks on released data. For instance, Sweeney linked health records to publicly available information to locate the then-governor of Massachusetts’ hospital records using uniquely-identifying quasi-identifiers, [4] [5] and Sweeney, Abu and Winn used public voter records to re-identify participants in the Personal Genome Project. [6] Additionally, Arvind Narayanan and Vitaly Shmatikov made use of quasi-identifiers to de-anonymize data released by Netflix. [7]

Motwani and Ying warn about potential privacy breaches being enabled by publication of large volumes of government and business data containing quasi-identifiers. [8]