alt Hacker NewsI went down a bit of a rabbit hole on re-indentification a while back related to a research journal I was helping with and some presentations I was giving. One of the things I ran across was how easy it was to de-anonymize healthcare records from way less information than one might assume.
I really feel like the first step here should be to make deanonymization illegal. Obviously it wouldn't fix everything, but there's a bit of an implicit breach of contract if people are promised their data is anonymous, but then it's sold to someone else who breaks that, but as far as I can tell there's no law against what's pretty clearly a violation of the premise under which the data was allowed to be collected.