Minimising ID Theft when Sharing Personal Data using Pseudonymisation

Slides: 15
Provided by: robertn97

Transcript and Presenter's Notes

1
Minimising ID Theft when Sharing Personal Data using Pseudonymisation

2
ID Crime: Home Office definitions
  • False ID
    • An invented or modified genuine identity
  • ID Fraud
    • Using someone else's ID details or a False ID to
      support unlawful activities or avoiding
      liabilities by claiming to be an ID Fraud victim
  • ID Theft
    • Acquiring sufficient identifying information to
      commit ID Fraud
  • ID Crime
    • Any of the above

3
Essence of ID Theft
  • Private information collection
  • This implies ID Theft can be minimised if:
    • Difficult to guess/synthesize identifying data
    • Difficult to re-use identifying data

4
Minimising ID Theft of shared data
  • Complicate guessing/synthesis of identifying
    data
  • Complex algorithm
  • Require extra information for use (e.g. expiry
    date, card verification code etc.)
  • Complicate re-use of identifying data
  • Restrict acceptable use, i.e. compartmentalise,
    prevent linkage
  • De-sensitise the identifying data
  • Constantly changing/short lifetime (e.g. always
    moving house, disposable email address,
    single-use CC number)
  • Need extra data to unlock or validate it (e.g.
    encryption key or chip card PIN or
    biometrics/ID-card, last bill amount, RBAC)

5
What exactly is pseudonymisation?
  • Link between sensitive data and pseudonym
    maintained (can be accessible by permission)

6
ID Theft and Privacy Breaches
[Diagram: "Privacy breaches" and "ID Theft"; examples shown: junk mail/spam; vocal pharmacist/court usher/doctor's receptionist]

7
Privacy Enhancing Technologies (PETs) - Fischer-Hübner
  • Pseudonymity
    • Access resource/service without disclosing ID.
      Linkable and ID available.
  • Anonymity
    • Access resource/service without disclosing ID.
      Real ID not available, may be linkable.
  • Unlinkability
    • Service usage not linkable, sender/receivers not
      connectable
  • Unobservability
    • Not possible to observe someone's access or use
      of a service

8
Privacy Enhancing Technologies (Fischer-Hübner) contd.
Properties: Pseudonymity, Anonymity, Unlinkability, Unobservability
  • Audit/Log
    • Log deletion
  • Application
    • Digital Signatures
    • Pseudonymisation
    • Blind Signatures
    • Digital Cash
    • Steganography
    • Anonymisation
  • System
    • Disk File erasing
  • Communication
    • Proxies
    • Mix nets
Continued use of identifiable data!
Business databases here
  • Thwart guessers
  • Complicate re-use

9
Pseudonymisation reduces ID Theft
  • Preventing linkage of business identifiers by
    pseudonymising identifiers for different
    uses/departments i.e. Compartmentalising
  • Prevent re-use by business partners by
    pseudonymising data differently for each partner
    i.e. Compartmentalising
  • Enabling disposable IDs
  • Next step towards privacy protecting data systems
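
An added sketch, not taken from the presentation or from Sapior's product, of the per-recipient compartmentalisation and disposable IDs on this slide together with the permissioned link from slide 5. It assumes pseudonyms are derived with HMAC-SHA256 under a separate secret key per recipient (the slides do not name an algorithm); the class, recipient names and sample identifier are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Pseudonymiser:
    """Held by the data owner; recipients only ever see pseudonyms."""

    def __init__(self):
        self._keys = {}   # recipient -> current secret key (assumed never shared)
        self._links = {}  # (recipient, pseudonym) -> original identifier

    def rotate_key(self, recipient):
        """Register a recipient, or retire its old pseudonyms (disposable IDs)."""
        self._keys[recipient] = secrets.token_bytes(32)

    def pseudonymise(self, recipient, identifier):
        mac = hmac.new(self._keys[recipient], identifier.encode(), hashlib.sha256)
        pseudonym = mac.hexdigest()
        self._links[(recipient, pseudonym)] = identifier  # link is maintained
        return pseudonym

    def reidentify(self, recipient, pseudonym, permitted):
        """Follow the link back to the identifier, but only with permission."""
        if not permitted:
            raise PermissionError("re-identification not permitted")
        return self._links[(recipient, pseudonym)]


def demo():
    p = Pseudonymiser()
    for recipient in ("research", "billing"):  # constructed recipient names
        p.rotate_key(recipient)
    patient = "PATIENT-000123"                 # constructed sample identifier
    research = p.pseudonymise("research", patient)
    billing = p.pseudonymise("billing", patient)
    stable = research == p.pseudonymise("research", patient)
    p.rotate_key("research")                   # old research pseudonyms retired
    fresh = p.pseudonymise("research", patient)
    return {
        "stable_within_recipient": stable,
        "unlinkable_across_recipients": research != billing,
        "disposable_after_rotation": fresh != research,
        "reidentified": p.reidentify("research", research, permitted=True),
    }


if __name__ == "__main__":
    print(demo())
```

Two recipients holding the same person's record cannot join their datasets on the pseudonym, while each recipient can still link that person's records within its own dataset.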

10
The pseudonymisation leap
[Diagram labels: The next step; Pseudonymised; Identifiable data]

11
NHS Case Study
  • Care Record Service (CRS)
    • National database providing a live, interactive
      patient record service accessible 24 hours a day,
      seven days a week, by health professionals
      whether they work in hospital, primary care or
      community services.
  • CRS Secondary Uses Service
    • Enables investigation of trends and emerging
      health needs which can inform public health
      policy. The data extracted will provide better
      information to support performance improvement
      and assessment, clinical audit and governance,
      monitoring and benchmarking, surveillance,
      research and planning

12
Loading the Central CRS database
13
Self-service pseudonymisation
[Diagram labels: Sapior API; Stage-1; Stage-3; JDBC]

14
Take-home Message
If you share data and need to minimise ID Theft
risk, then you must consider pseudonymisation
  • Contact
  • www.sapior.com
  • 44-(0)20-7060-2965