News and the Data Privacy Lab



	News

What's new ... (see also in the news)

Data Privacy response to government proposed changes to human subjects research. The U.S. Office for Human Research Protections proposed a set of sweeping changes to the federal regulations that govern research involving human subjects, in the form of an Advance Notice of Proposed Rule Making and solicited comments to 75 questions by October 26, 2011. Dr. Sweeney and the Data Privacy Lab submitted a response and a version of that submission was joined by about 50 data privacy researchers and supporters primarily from computer science, medical informatics, public policy and law, from insitutions across the United States. Two national privacy groups, the Electronic Privacy Information Center (EPIC) and Patient Privacy Rights also supported the submission. These responses broadly address the fitness and appropriateness of HIPAA and the emerging field of data privacy. A third complementary and coordinated response from academics and researchers drew on recent advances in understanding data privacy from a theoretical computer science perspective. (more)

Data Privacy Lab moves to Harvard! The Data Privacy Lab is now a program in the Institute for Quantitative Social Science (IQSS) at Harvard University. This move allows the Lab to continue to offer its highly regarded thought leadership on privacy and technology, but to do so now on a broader scale, working directly with researchers and research databases at IQSS and leveraging colleagues across Harvard School of Engineering and Applied Sciences, Harvard Medical School, Harvard Law School, and MIT. The Lab started in 2001 at Carnegie Mellon University in the Heinz School of Public Policy and in 2002, moved to the School of Computer Science, where it operated until 2011. The Lab has had dramatic impact on privacy technology developments and policy. Latanya Sweeney was the founder of the Lab and continues as its Director. (more). September 2011.

Supreme Court decision in Sorrell v IMS Health. The Court's decision focused on the commercial free speech issue and the decision followed the lines revealed at oral arguments. The State cannot attempt to influence physicians to prescribe generic drugs while simultaneously restricting the speech of commercial drug salespeople. As predicted, the decision offered no resolution of the secondary issue in the case, patient privacy, which near the end of the decision is described as "unresolved." Latanya Sweeney, the Director of the Data Privacy Lab, wrote two papers that were heavily cited in amici briefs in the case. (more). June 2011.

Modern Healthcare article by Joseph Conn, "How Good are Those Rules?", describes the panel discussion about patient privacy implications in the Supreme Court case, Sorrell v. IMS Health. Latanya Sweeney, the Director of the Data Privacy Lab, wrote two papers that were heavily cited in amici briefs in the case. (more) June 2011.

Video presentation about HIPAA and the Sorrell Case. Latanya Sweeney, the Director of the Data Privacy Lab, talks about "Implications of Patient Privacy in Sorrell v. IMS Health." Presentation at Health Patient Privacy Summit in Washington, DC June 13, 2011. (video). June 2011.

HyperPublic Conference by the Harvard Berkman Center in Cambridge, MA June 10, 2011. Energetic conference that crossed designers of physical spaces with across-disciplinary collection of cyberspace scholars to explore architectural dimensions of what makes public and private spaces. Latanya Sweeney, the Director of the Data Privacy Lab, gave a presentation that focused on the challenges faced when rethinking privacy at the architectural level. Ethan Zuckerman wrote an excellent summary of Dr. Sweeney's presentation on his blog and on the Citizen Economists blog (blog). My slides are (slides). June 10, 2011.

Patient Privacy Risks in U.S. Supreme Court Case Sorrell v. IMS Health Inc.: Response to Amici Brief of El Emam and Yakowitz by L. Sweeney. Data Privacy Lab Working Paper 1027-1015B. April 2011. This paper responds to the IMS amici brief on patient privacy in which they criticize privacy claims and attempt to make the case that HIPAA provides adequate privacy protection "as is". (more) April 2011.

NPR On Point: Paying for Privacy. Interesting panel, including Esther Dyson and Michael Fertik of reputation.com. Esther Dyson made arguments that people are adults and can make their own privacy decisions, with no changes needed to current practices (except maybe more education). Michael Fertik made the point that if you give his company money they will get unwanted information removed or buried on the web. Latanya Sweeney, Director of the Data Privacy Lab, made the point that individuals can now be in control of a comprehensive copy of their data, likely providing the richest source of information for services and data sharing, and that because humans tend to horribly discount harms when making data sharing decisions, a marketplace for sharing personal data, must by its design, provide risk-based compensation and/or insulation or guarantees from harm for the subjects of the data. (more) April 2011.

Patient Identifiability in Pharmaceutical Marketing Data by L. Sweeney. Data Privacy Lab Working Paper 1015. February 2011. This paper reports on the identifiability of pharamacy marketing data by examining prescription data shared with a pharmaceutical company in 9 states. (more) February 2011.

Medical Billing Framework as the Backbone of the National Health Information Infrastructure. This paper shows how the medical billing framework can strategically help achieve the vision for the nationwide health information network. It is the first entrant in the design competition at AdvanceHIT. (more)

Launch AdvanceHIT Project. This project helps developers of health information technology (HIT) avoid pitfalls from unforeseen stakeholder barriers (e.g., privacy, usability, liability, accountability, affordability). We write visionary papers and conduct in-depth analyses in an open forum of discussion and participation. Our first efforts include competitve designs for the national health information infrastructure. September 2009. (AdvanceHIT)

Federal HIT Policy Committee: Our Director, Dr. Latanya Sweeney, was appointed to the Privacy and Security seat of the Federal HIT Policy Committee, in the Obama Administration. This committee was formed by the "stimulus bill" to make policy recommendations for the national health information infrastructure. April 2009. (GAO announcement PDF, Reprint)

In the news: Pittsburgh Post-Gazette, "Bits&Bytes: Wizzard Software scoops up Blast Podcast, Switchpod.com". Includes Ralph Gross and Alessandro Acquisti's work on Facebook. September 30, 2006. (news link, project)

In the news: Carnegie Mellon Tartan, "CMU researches Facebook privacy as site goes global". Includes Ralph Gross and Alessandro Acquisti's work on Facebook. September 18, 2006. (news link, project)

In the news: New Scientist, "Living online: The end of privacy?". Includes Ralph Gross and Alessandro Acquisti's work on Facebook. September 18, 2006. (news link, project)

In the news: Baylor Business Review, "CRM & Privacy: How much do companies need to know about their customers?". Includes Ralph Gross and Alessandro Acquisti's work on Facebook. September 13, 2006. (news link, project)

New paper: Risk Assessments of Personal Identification Technologies for Domestic Violence Homeless Shelters. This paper provides a framework for reasoning about and assessing proposed technical solutions that perform a national unduplicated accounting of visit patterns across domestic violence homeless shelters, while respecting the confidentiality of the clients who are the subjects of that accounting. January 2006. Lab Director, Dr. Latanya Sweeney, authored the paper.

Privacy Technology course at Carnegie Mellon University, School of Computer Science. Taught by Lab Director, and supported by students and staff in the Data Privacy Lab. (more)

In the news: Pittsburgh Post-Gazette, "The Thinkers: Data privacy drives CMU expert's work." An article about Lab Director, Dr. Latanya Sweeney, and some of work in the Lab. December 26, 2005. (text)

New paper: "Privacy-Enhanced Linking." This paper introduces a new way for computer scientists to think about providing privacy protection within link analysis (especially for law-enforcement and counter-terrorism purposes) and introduces the notion of "privacy-enhanced linking" as algorithms that perform link analysis with guarantees of privacy protection modeled after the Fair Information Practices. December 2005. Lab Director, Dr. Latanya Sweeney, authored the paper. (more)

Invited talk: "De-Identifying Health Data." Health Canada (Federal Department of Health), Ottawa, Ontario Canada. December 1, 2005. Given by Lab Director, Dr. Latanya Sweeney.

Invited talk: "Strategies for De-Identifying Patient Data for Research." Electronic Health Information and Privacy Conference, Ottawa, Ontario Canada. November 30, 2005. Given by Lab Director, Dr. Latanya Sweeney.

Invited talk: "Risk Assessments of PIN Technologies [identity management] for Domestic Violence Shelters (Updated)." Housing and Urban Development. Washington, DC. November 18, 2005. Given by Lab Director, Dr. Latanya Sweeney.

Invited talk: "Identity Management: Dealing with Disclosure." 6th CACR, Toronto, Canada, November 3, 2005. Given by Lab Director, Dr. Latanya Sweeney.

Testimony: "Privacy Principles for Ubiquitous Technologies", Testimony before the Eurpoean Commission, Brussels, Belgium, October 25, 2005. Given by Lab Director, Dr. Latanya Sweeney.

Invited talk: "Aging with Dignity: Privacy need not be traded for technical assistance." Technology for Life and Living Conference, University of Pittsburgh Medical Center, Pittsburgh, PA, October 21, 2005. Given by Lab Director, Dr. Latanya Sweeney.

Best Paper of the Year Award: The paper "How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems," authored by Lab members Bradley Malin and Latanya Sweeney received one of the highest honors possible for a paper in medical informatics --inclusion in the Yearbook of Medical Informatics which selects the "best of the year" among all peer-reviewed published journal papers in the field. Awarded October 2005. (more, paper)

In the news: CBS News, Denver, "Angel Protects Those Who Might be Targets for ID Theft," October 20, 2005. Interview about the Identity Angel project at the Lab. (text, video)

New paper: "Managing End-of-Life Care in Complex Patients Can Reduce Costs Without Shortening Life or Sacrificing Patient Satisfaction", reports on a prospective cohort study conducted in California in which a comprehensive patient centered collaboration that includes end-of-life and pain management, education, provider coordination, and patient advocacy sharply reduced costs without shortening life or sacrificing patient satisfaction. Lab Director, Dr. Latanya Sweeney, co-authored the paper with Andrew Halpert and Joan Waranoff of Blue Shield California. October 2005. (more)

Testimony: "Recommendations to Identify and Combat Privacy Problems in the Commonwealth", Testimony before the Pennsylvania House Select Committee on Information Security (HR351), Given by Lab Director, Latanya Sweeney. Pittsburgh, PA, October 5, 2005. (Testimony and Appendices)

In the news: CBS News, New York, "Why A Resume Could Bring A Job, But Also ID Theft: Identity Theft From Online Resumes On The Rise," Septmber 28, 2005. Interview about the Identity Angel project at the Lab. (text, video)

Finalist in student paper competition at AMIA! Bradley Malin, a PhD student in the Data Privacy Lab, is a finalist in the 2005 student paper competition of the American Medical Informatics Association. His paper is entitled, "A Secure Protocol to Distribute Unlinkable Health Data".

Invited talk: "Privacy Technologies for Large Research Databases" Spectrum Health and Michigan State University, Grand Rapids, MI, September 23, 2005. Given by Lab Director, Latanya Sweeney. (Slides and Abstract)

Invited talk: "Biometrics Alone Won't Do: Developing Holistic Identity Management Solutions" Biometrics Symposium 2005, Arlington, VA, September 19, 2005. Given by Lab Director, Latanya Sweeney. (Slides and Abstract)

Invited talk: "Risk Assessments of PIN Technologies [unique personal identifiers] for Domestic Violence Shelters," National HMIS Conference, St. Louis, Missouri, September 13, 2005. Given by Lab Director, Latanya Sweeney. (Slides and Abstract)

Paper in IEEE Intelligent Systems about privacy and homeland security, entitled: Privacy-Preserving Surveillance using Selective Revelation. This paper describes an approach for sharing data for surveillance purposes while maintaining privacy. July 2005. Authored by Lab Director, Latanya Sweeney. (more)

Testimony: "Privacy Technologies for Homeland Security", Testimony before the Privacy and Integrity Advisory Committee of the Department of Homeland Security (�DHS�), Boston, MA, June 15, 2005. Testimony by Lab Director, Latanya Sweeney. (Testimony and Appendices)

Invited talk: "HIPAA Strategies for De-Identifying Patient Data for Research," American Association of Medical Colleges (AAMC), National Conference, Group on Information Resources, Philadelphia, PA. April 12, 2005. Given by Lab Director, Latanya Sweeney. (Slides and Abstract)

Invited talk: "Privacy Technology in the Face of Information Warfare", Guest Lecture in Course 19-601, Information Warfare, Carnegie Mellon University. Pittsburgh, PA. March 29, 2005. Given by Lab Director, Latanya Sweeney. (Slides and Abstract)

Invited talk: "Privacy Technology: Artificial Intelligence to Save the World", AAAI Spring Symposium. Stanford. Palo Alto, CA. March 23, 2005. Given by Lab Director, Latanya Sweeney. (Slides, References and Abstract).

Invited talk: "Beyond Ickiness is Risk: The Exasperation of Data Privacy Problems by Implanted RFIDs", The Concealed I Conference, University of Ottawa, Ontario Canada. March 4, 2005. Given by Lab Director, Latanya Sweeney. (Slides, References and Abstract).

Lab Director, Latanya Sweeney, becomes member of the Program Committee for the Workshop on Privacy Enhancing Technologies (PET) 2005. (more).

Thesis completed by Ralf Holzer entitled, "Email Alias Detection Using Network Analysis." March 2005. (more)

Invited talk: "Privacy Technology: Computer Scientists Help Save the World", Intel Privacy Forum. Intel. Hillsboro, OR. March 2, 2005. Given by Lab Director, Latanya Sweeney. (Slides, References and Abstract).

Paper in AAAI Spring Symposium entitled AI Technologies to Defeat Identity Theft Vulnerabilities. This paper demonstrates how information from on-line resumes can be automatically harvested in order to acquire fraudulent new credit cards. February 2005. Authored by Lab Director, Latanya Sweeney. (more)

Paper in AAAI Spring Symposium entitled Mining Images in Publicly-Available Cameras for Homeland Security. This paper describes a technology that tracks the number of people appearing in publicly-available webcams. February 2005. Authored by Lab Members: Latanya Sweeney and Ralph Gross. (more)

Paper in AAAI Spring Symposium entitled Technologies to Defeat Fraudulent Schemes Related to Email Requests. This paper describes a technology for tracking criminal relations behind scam spam. February 2005. Authored by Lab Members: Edoardo Airoldi, Bradley Malin, and Latanya Sweeney and Ralph Gross. (more)

Paper/Poster in AAAI Spring Symposium entitled Privacy-Preserving Bio-Terrorism Surveillance. This paper/poster describes a real-world application in which surveillance is performed with data that are provably sufficiently anonymized under HIPAA. More generally, data are provided on a sliding scale of identifiability termed "selective revelation." February 2005. Authored by Lab Director, Latanya Sweeney. (more)

Paper/Poster in AAAI Spring Symposium entitled Towards a Privacy-Preserving Watchlist. This paper/poster describes a key problem in homeland surveillance ("the watchlist problem") and examines two challenges that continue to make it an unsolved problem. February 2005. Authored by Lab Director, Latanya Sweeney. (more)

Lab Director, Latanya Sweeney, becomes member of the Program Committee for Modeling Decisions for Artificial Intelligence (MDAI) 2005. (more).

Paper in IEEE Transactions on Knowledge and Data Engineering (with Elaine Newton and Bradley Malin) appeared, entitled Preserving Privacy by De-identifying Facial Images. This paper provides an algorithm for provably de-identifying faces appearing in video while retaining many facial details. Uses k-anonymity. February 2005. Authored by Lab members: Elaine Newton, Latanya Sweeney, and Bradley Malin. (more)

...

Co-sponsor of a 2-day workshop, Privacy in D.A.T.A., held March 27-28, 2003 at CMU. The goal of the workshop is to introduce computer scientists to key problems in privacy in surveillance.

Latanya Sweeney, as Director of the Laboratory for International Data Privacy at Carnegie Mellon University, submitted public comments to HHS on the proposed modifications to the Privacy Rule (HTML, PDF). Submitted to HHS on 4/26/2002. For related links, see LIDAP's HIPPA page.

Data Privacy Lab in the news ... (see also what's new)

New York Times article by Natasha Singer, "Data Privacy, Put to the Test", lists recent privacy issues in big data and includes a discussion of Data Privacy Lab work on patient privacy in the Supreme Court case Sorrell v IMS Health, even though patient privacy is a secondary issue in the case. (more) May 2011.

The Post-Gazette September 30, 2006. "Bits&Bytes: Wizzard Software scoops up Blast Podcast, Switchpod.com". (news link, project)

The Tartan September 18, 2006. "CMU researches Facebook privacy as site goes global". (news link, project)

New Scientist September 18, 2006. "Living online: The end of privacy?". (news link, project)

Baylor Business Review September 13, 2006. "CRM & Privacy: How much do companies need to know about their customers?". (news link, project)

Boston Phoenix and various affiliates around the USA, February 15, 2005, "Spying Eyes: America's Most Popular Search Engine Is Keeping Tabs On Us" (text)

ABC News, June 13, 2004, "University Web Site Watches Public Spies". (text)

CBS News, Associated Press, March 15, 2004, "Privacy Safeguards Quietly Killed". (text)

CNN, October 11, 2003, "Privacy researcher: Public Web cams troublesome". (text)

USA Today, August 25, 2003, "CameraWatch, Who watches the watchmen?". (text)

CBS News, Associated Press, November 4, 2002, "Germ Patrol: Like Never Before". (text)

Computer World, October 14, 2002, "Privacy Algorithms." (text)

Pittsburgh Post-Gazette, August 15, 2002, "Seeing profits in privacy, recent transplant launches firm to protect individual identities." (more)

Wall Street Journal, February 2001. Author Glen Simpson. Privacy of Census Data.

Newsday, November 21, 2000 Section: Health & Discovery, "When Medical Data Goes Public", pages C8-C10, Author Earl Lane (Washington Bureau), https://library.newsday.com/

Newsweek, October 16, 2000. "It Doesn't Take Much to Make You Stand Out".

Consumer Reports, August 2000, Section: Consumer Interest: Health and Medical Records Privacy. "Who knows your medical secrets?" pages 22-26. https://www.consumerreports.org

Federal Register, March and December 2000, Health Insurance Privacy and Portability Act (HIPPA).

Privacy Commissioner of Canada, Annual Report, 2000.

20/20 Television News Magazine [20 second clip regarding pharmacy data]

National Journal's Technology Daily, July 14, 2000, "Senator predicts three-pronged medical privacy plan." (text)

New York Times, Feburary 16, 2000.

ZDNet, April 7, 1999, "Free speech and privacy forever." (text)

Los Angeles Times, February 8, 1999, "A new push is on for Patients Privacy Law." (text)