RE: Proposed friendly amendments to industry draft

Ted,

Both approaches would qualify for de-identification, but it's the latter approach you've outlined that we've been discussing. When technical steps for de-identification (id obfuscation, URL cleansing, data minimization, side fact removal/aggregation, etc.) are paired with operational and administrative controls, we can arrive at a place where we have reasonable confidence the data cannot be reverse engineered back to the real user.

- Shane

-----Original Message-----
From: Edward O'Connor [mailto:eoconnor@apple.com] 
Sent: Tuesday, July 09, 2013 8:39 PM
To: public-tracking@w3.org
Subject: Re: Proposed friendly amendments to industry draft

Hi Shane,

You wrote:

> In the industry proposal: Red = raw, Yellow = de-identified but event 
> linkable, Green = de-identified and un-linkable

I'm having trouble understanding what you mean by "de-identified but event linkable." Assuming an event is some specific transaction, does this mean that it's possible to link together separate data records about the same transaction? Or does it mean that it's possible to link together separate data records about different transactions?

An example of the former: when data is moved to yellow, a novel, random uuid is generated and used as the key.

An example of the latter: when data is moved to yellow, a one-way hash of PII is used as the key. Later, when another transaction with the same user occurs, the same hash is generated for that transaction's data.


Thanks in advance,
Ted

Received on Wednesday, 10 July 2013 07:45:28 UTC
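The two keying schemes Ted describes, as an added example that is not part of the original thread or of any proposal text: it keys a few constructed events with a random UUID per record and with a one-way hash of the identifier, then measures which events become linkable. It goes one step beyond the thread by adding a keyed hash (HMAC) whose secret stands in for the "operational and administrative controls" Shane mentions; that variant, the sample events and all function names are assumptions introduced here.

```python
import hashlib, hmac, os, uuid
from collections import defaultdict

# Constructed sample events: (user identifier, URL). Not real data.
EVENTS = [
    ("alice@example.com", "/news"),
    ("bob@example.com", "/sports"),
    ("alice@example.com", "/weather"),
    ("alice@example.com", "/news/local"),
]

def key_random(_pii):
    """Former case: a novel random UUID for every record."""
    return uuid.uuid4().hex

def key_plain_hash(pii):
    """Latter case: unkeyed one-way hash of the PII."""
    return hashlib.sha256(pii.encode()).hexdigest()

def make_key_hmac(secret):
    """Latter case, keyed: the secret is held under administrative control (assumption)."""
    def key_hmac(pii):
        return hmac.new(secret, pii.encode(), hashlib.sha256).hexdigest()
    return key_hmac

def to_yellow(events, key_fn):
    """Replace the identifier with key_fn(identifier); keep the event payload."""
    return [(key_fn(pii), url) for pii, url in events]

def linked_groups(records):
    """Sizes of the groups of events that share a key, sorted ascending."""
    groups = defaultdict(list)
    for key, url in records:
        groups[key].append(url)
    return sorted(len(urls) for urls in groups.values())

def reidentified(records, candidates, key_fn):
    """Candidate identifiers whose recomputed key appears in the records."""
    lookup = {key_fn(c): c for c in candidates}
    return {lookup[k] for k, _ in records if k in lookup}

if __name__ == "__main__":
    schemes = [("random uuid", key_random), ("sha256", key_plain_hash),
               ("hmac-sha256", make_key_hmac(os.urandom(32)))]
    for name, fn in schemes:
        print(f"{name:12} linked group sizes: {linked_groups(to_yellow(EVENTS, fn))}")
```

With random UUIDs every record stands alone; with either hash the three events from the same identifier collapse into one group. Only the unkeyed hash can be matched against a list of candidate identifiers by someone who holds the data but not the secret.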