De-identification, Re-identification and the Definition of PII

IAPP Global Privacy Summit 2012, Washington, DC
In the past, information that was rendered anonymous or pseudonymous, encrypted or key-coded was considered to be exempt from the scope of privacy and data security laws. Yet technological breakthroughs over the past two decades, including advances in analytics and the increase in capacity for data storage and processing, have undermined the effectiveness of de-identification techniques. These developments have significant implications for businesses and policymakers. The once-clear distinction between PII and non-PII has become muddled, leaving businesses confused with respect to the scope of privacy laws, and potentially hampering the harvesting of immense value from data in fields like medical research, behavioral advertising and traffic control. Join a computer scientist, law professor and lawyer for technical and legal insight into the distinction between PII and non-PII.

Yucel Saygin, Sabanci University
Boris Segalis, InfoLawGroup LLP
Omer Tene, College of Management School of Law