Invited Talks Given by Lab Members Internationally

Risk Assessments of PIN Technologies [unique personal identifiers] for Domestic Violence Shelters

Talk by Latanya Sweeney


National HMIS Conference, St. Louis, Missouri, September 13, 2005.

Slides from talk


In an attempt to perform a national unduplicated count of clients of domestic violence shelters while respecting the confidentiality of the clients, the United States Department of Housing and Urban Development ("HUD") has sponsored locally administered Homeless Management Information Systems ("HMIS"). An HMIS is a computerized data collection application designed to capture person-specific information over time from homeless persons being serviced by local shelters. HMIS' gather information from local domestic violence shelters in such a way that client confidentiality is maintained yet an accurate unduplicated count can be achieved across shelters. HUD recognizes that an HMIS must accept less identifiable information on domestic violence clients in order to maintain client safety and to insure high degrees of compliance. HUD has already agreed that the name and Social Security number of each client of a domestic violence shelter is not to be forwarded to an HMIS. Instead, a newly created identifier termed a “unique person identification number ("PIN") can be used. The overarching question posed is, "how do shelters construct PINs with minimal risk of re-identification while still achieving an accurate unduplicated count?"

In this talk, I will present a summary of assessments of categories of technologies for constructing PINs. These include encoding, hashing, encryption, consent, inconsistent hashing, and distributed query as de-duplication instruments; and, scan cards (and RFID tags), biometrics, question-and-answer, and demographics as source inputs. Combinations of source inputs and de-duplication instruments were examined in terms of the utility and privacy protection each afforded. Serious problems were found. No one solution was perfect. But some shortcomings can be sufficiently overcome with additional technological consideration and rigor and/or accompanying policies and practices.

References and Related Links

Copyright © 2011. President and Fellows Harvard University.   |   IQSS   |    Data Privacy Lab   |    []