In most enterprises today, personal data such as last name, social security number, date of birth and so on seems to proliferate across multitude of databases. It is the responsibility of the custodian of that data to protect the "Personally Identifiable Information (PII)" for reasons varying from compliance to privacy protection. Various techniques are now prevalent to protect the personal information. Data de-identification is one such most commonly employed technique. This paper aims to share insights that help Data Custodians in an enterprise, Security Auditor, Risk and Compliance Group, Data Security Subject Matter Expert and the curious minds of the database world.

1. Data Disclosure - Threats & Control

3. ! "! #$ % & %
' ( ) %
(
* ) !
% +
§ * , & &
%
§ , & ! & - )
. & &&
/
§ ! 0 & -
& % )
§ ! 1 -
§ - &
§ 2 & * & &
& % & /
% 3
4 5 &
4 % *
& - +
§ 6 & % & & 7
§ 6 7
§ 6 )
) % 7
* & 8
9 5 , :/ )

4. * & ) $ %
& & * + " ( %
! A
* )
F % ) ! !: +
* G! &
;)$ & - (
0 4 & - %
! "0 ! # ) &
& %
0 ) < /
,- * + " ( %
0! && DH 6 &!
! =AB G4 G
! 0 "!0 # A + G,
(
=> & & ) /
& %
4 & - ) 0 !! % ) 5
+ )
&
• 0 => 5 I G
0! - . * + " ( %
D <J
• ) => F DEED &
) % G< 0 G
+G % )
% )
, & - &
) % &
I $
% & % ) & -
) * * ? %
! )@ % &
! " # $ % &' " (
' " #( ' " )
! =A>B 2 ! 2
4 8 & 2 % ; 2 :
"CDE# < ! ! 2 % ;
! !: " # 2 E
! 9; 2 2 4 .
! "! # 2
. 4/ .
' : 8 & 6 ! & .

5. $ $ ) ) $
% %
* ? @ % * % L /
% 0
K EK
DEE> * % ) * &
/ % & AK 9 %
DAK
DK
& *
% ) / % =K
DAK
& & ) )
=K 8
& % & - ) BK 0
4 .
/ & & = K
HK =AK
) >HK < /
) <J ) BK
! " # #
. )
)+
• +9 "9 #
( ;* ) ! % ; ,<
! & ! ) % & )
& & %
6 6
• + 4 B E EEE
* % )
) ( * %
• + 2 / =EE & & &%
EE EEE 8 < % * / ) % )
) -
• +! 9 5 ) % BAK <
)
% %
& & % * ( 3 % &
% ) -

6. 4 %
) & % %
! %
* % ,
/ ) A *) %
% % ) % %
%
0 & 2 % % & * =
& % * D
* - & %
) ) M ) M D -
M & & & !
Non Sensitive Sensitive Non Sensitive Sensitive
ZIP Code Age Disease ZIP Code Age Disease
57177 29 Psychiatric disorder 571** 2* Psychiatric disorder
57102 22 Psychiatric disorder 571** 2* Psychiatric disorder
57178 27 Psychiatric disorder 571** 2* Psychiatric disorder
57501 73 Flu 5750* 40 Flu
57505 52 Heart Disease 5750* 40 Heart Disease
57507 47 Cancer 5750* 40 Cancer
57905 30 Heart Disease 579** 3* Heart Disease
57973 36 Cancer 579** 3* Cancer
57907 32 Cancer 579** 3* Cancer
! "
& J ) & 1 % M % )
M ) , M 6 0

7. * D , @ * ) & ,
&M % & ) M ) )
% * A
& % * - % 6 -
& M @ & N M M &
.
Non Sensitive Sensitive Non Sensitive Sensitive
ZIP Code Age Disease ZIP Code Age Disease
57677 29 gastric ulcer 576** 2* gastric ulcer
57602 22 Gastritis 576** 2* gastritis
57678 27 stomach cancer 576** 2* stomach cancer
57905 43 Gastritis 5790* 40 gastritis
57909 52 Flu 5790* 40 flu
57906 47 Bronchitis 5790* 40 bronchitis
57605 30 Bronchitis 576** 3* bronchitis
57673 36 Pneumonia 576** 3* pneumonia
57607 32 stomach cancer 576** 3* stomach cancer
# $ ! "
! % % /
) % & 0 - % %
@ & -
% % %
G G G * %
. +
• % + /
& %
• 9 + -
9 % .
' ( ) &

8. ) % &
* & &
- . ) && ( & +
• -
• ) &
• &
- ( )
% & ) & & &
% . % )
) < *
&
& 5 & &
/ )
! ) &&
(
• +33 ) 3>AE= =AOAHPA H>DBBE> B
• +33))) ) 33 3 3H=A >H>3! % P P6 P P P
P P P P7 / 2 Q L / Q=O
• +33))) ) 33 3H== =OB3 AE,P P / P P &
• +33))) % ) &3 37 % =Q % L % DQ &L % AQ
• +33 % 3 3) 3
• +33 & 3/ 3J ) & ) 3E D>HBD = P& ==HAAOO E
E R
• +33))) % ) &3 37 % =Q L % DQ - L % AQ