Técnicas de anonimização de dados pessoais e a lei n. 13.709/2018

Orientadora : Profa. Dra. Marilia Pedroso XavierMonografia (graduação) - Universidade Federal do Paraná, Setor de Ciências Jurídicas, Curso de Graduação em DireitoInclui referênciasResumo : O presente estudo tem como objetivo analisar o panorama de proteção de dados pessoais no que tange às técnicas de anonimização de dados no Brasil, bem como apresentar as técnicas mais utilizadas mundialmente. Primeiramente, verifica-se que o Brasil não conta com a maturidade doutrinária necessária em relação ao tema, na contramão do cenário internacional de proteção de dados, o que eleva o grau de incerteza e prejudica na implementação das técnicas. Na sequência, a anonimização de dados pessoais será esquadrinhada a partir de um ponto de vista jurídico, momento em que serão apresentadas definições conceituais necessárias à exploração do tema, bem como os trade-offs e riscos envolvidos nos processos de anonimização. Com isso, serão afinal apresentadas as principais técnicas de anonimização de dados pessoais, como a generalização, supressão e aleatorização, com necessários esclarecimentos quanto a da diferença entre tais processos e a pseudonimização.Finalmente, verificar-se-á que a doutrina jurídica brasileira demanda analisar o tema com maior profundidade, buscando, juntamente com os agentes de tratamento de dados, implementar as técnicas de anonimização em maior escala, visto que são o ponto de equilíbrio ideal entre a garantia de utilidade para os agentes de tratamento e a privacidade dos titulares dos dados pessoais.Abstract: This study aims to analyze the Brazilian context of personal data protection in terms of anonymization techniques, exemplifying those most used worldwide. First, it is verified that Brazil is not in an adequate level of doctrinal maturity regarding the subject, contrary to the international scenario of data protection. Going on, the anonymization of personal data will be examined from a legal point of view, at which time conceptual definitions necessary for the exploration of the subject will be presented, as well as the trade-offs and risks involved in the anonymization processes. With this, the main techniques of anonymization of personal data, such as generalization, suppressionand randomization will be presented, with necessary clarifications as to the difference between such processes and pseudonymization. Finally, the need for the Brazilian legal doctrine to analyze the subject in greater depth will be wide clear, which will have to seek to implement the anonymization techniques on a larger scale, since they are the ideal balance between the guarantee of usefulness for the processing agents and the privacy of the holders of personal data

Preventing Unintended Disclosure of Personally Identifiable Data Following Anonymisation

Errors and anomalies during the capture and processing of health data have the potential to place personally identifiable values into attributes of a dataset that are expected to contain non-identifiable values. Anonymisation focuses on those attributes that have been judged to enable identification of individuals. Attributes that are judged to contain non-identifiable values are not considered, but may be included in datasets that are shared by organisations. Consequently, organisations are at risk of sharing datasets that unintendedly disclose personally identifiable values through these attributes. This would have ethical and legal implications for organisations and privacy implications for individuals whose personally identifiable values are disclosed. In this paper, we formulate the problem of unintended disclosure following anonymisation, describe the necessary steps to address this problem, and discuss some key challenges to applying these steps in practice

Protecting Human Subjects in the Digital Age: Issues and Best Practices of Data Protection

Public opinion and survey researchers must protect the privacy and confidentiality of human subjects. However, scholars are often not trained in the best practices of data storage, and there is a serious risk that survey data might be compromised by pernicious actors. In an era when it is becoming increasingly difficult to recruit participants, breaches could further challenge our ability to conduct surveys if we cannot guarantee that participants’ data will remain confidential and private. While any computer-based data has some vulnerability, we introduce simple measures that will better protect the confidentiality and privacy of human subjects. We hope these could become standard practice to protect human subjects in the future

Ethical Issues in the Big Data Industry

Big Data combines information from diverse sources to create knowledge, make better predictions and tailor services. This article analyzes Big Data as an industry, not a technology, and identifies the ethical issues it faces. These issues arise from reselling consumers\u27 data to the secondary market for Big Data. Remedies for the issues are proposed, with the goal of fostering a sustainable Big Data Industry.Click here for podcast summary (mp3)Click here for free 2-page executive summary (pdf)Click here for free presentation slides (pptx

Creation of public use files: lessons learned from the comparative effectiveness research public use files data pilot project

In this paper we describe lessons learned from the creation of Basic Stand Alone (BSA) Public Use Files (PUFs) for the Comparative Effectiveness Research Public Use Files Data Pilot Project (CER-PUF). CER-PUF is aimed at increasing access to the Centers for Medicare and Medicaid Services (CMS) Medicare claims datasets through PUFs that: do not require user fees and data use agreements, have been de-identified to assure the confidentiality of the beneficiaries and providers, and still provide substantial analytic utility to researchers. For this paper we define PUFs as datasets characterized by free and unrestricted access to any user. We derive lessons learned from five major project activities: (i) a review of the statistical and computer science literature on best practices in PUF creation, (ii) interviews with comparative effectiveness researchers to assess their data needs, (iii) case studies of PUF initiatives in the United States, (iv) interviews with stakeholders to identify the most salient issues regarding making microdata publicly available, and (v) the actual process of creating the Medicare claims data BSA PUFs