Computer systems often maintain records that contain sensitive information regarding various entities. For example, a computer system that operates in a health-related domain may provide records which contain personal information regarding patients. A computer system that operates in a financial domain may provide records which contain personal information regarding account holders, and so on. Individuals who have authorized access to these records are referred to herein as trusted entities, or honest brokers. These computer systems typically provide appropriate security provisions to prevent the release of the sensitive information to unauthorized entities.
At the same time, there is sometimes a legitimate need to make the above-described types of records available outside the normal production domains of the computer systems. To cite one example, a trusted entity may wish to allow an external researcher to perform analysis on the basis of the records. This will allow the external researcher to identify trends and draw other statistical conclusions on the basis of the records. This type of access raises various challenges, however, as the trusted entity may be bound by contractual obligations to preserve the privacy of the sensitive information. Further, an applicable jurisdiction may have enacted laws which prevent the dissemination of the sensitive information, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
To address these concerns, the trusted entity may remove or otherwise obscure the sensitive information within the records. According to the terminology used herein, this general process is referred to as de-identification, and the records produced thereby are referred to as de-identified data. If performed correctly, the de-identified data will not reveal any sensitive information regarding the entities associated with the records.
However, for reasons set forth in greater detail herein, there is a risk that the process of de-identification is not performed correctly. This may result in the release of sensitive information to unauthorized recipients. This outcome, in turn, may subject the trusted entity to considerable penalties, ranging from loss of business to legal action.