Kingwood Data Privacy FAQ

Table of Contents

• 1. General data privacy questions
  • 1.1. What’s wrong with the nothing-to-hide argument?
  • 1.2. Does removing names make data deidentified?
• 2. HIPAA, Expert Determination, and Safe Harbor
  • 2.1. Is there more to Safe Harbor than 18 rules?
  • 2.2. Does Safe Harbor really protect privacy?
  • 2.3. Why does Safe Harbor remove dates of service?
  • 2.4. What is a “covered entity” under HIPAA?
  • 2.5. What is a business associate?
• 3. Artificial intelligence and natural language processing
  • 3.1. How effective is software at removing PII from free text?
  • 3.2. Can large language models leak personal information?
• 4. Cryptography
  • 4.1. Does hashing attributes protect privacy?
  • 4.2. Does metadata pose a privacy risk if the content is encrypted?
• 5. State privacy laws
  • 5.1. How do US states extend HIPAA?
  • 5.2. Is there such a thing as expert determination for CCPA?
• 6. European GDPR
  • 6.1. What is the right to be forgotten?
  • 6.2. What is Pseudonymization?
  • 6.3. What is anonymization?
• 7. Data breaches and incidents
  • 7.1. What is a computer security incident?
  • 7.2. What is a privacy incident?
  • 7.3. What is a breach?
  • 7.4. What is required of a covered entity after a breach?
  • 7.5. How common are data breaches?
  • 7.6. What is Breach Safe Harbor?
• 8. Data privacy techniques
  • 8.1. What is randomized response?
  • 8.2. What is synthetic data?
  • 8.3. What is k-anonymity?
  • 8.4. What is ?-diversity?
  • 8.5. What is t-closeness?
  • 8.6. What is earth-mover distance?
  • 8.7. What is differential privacy?
  • 8.8. What are the advantages of differential privacy?
  • 8.9. How can competitors share data without giving up their data?
  • 8.10. Does differential privacy scale up?
  • 8.11. Does differential privacy scale down?
  • 8.12. What is a privacy budget?
• 9. Privacy risks
  • 9.1. What are toxic pairs?
  • 9.2. Can you really identify most people from their zipcode, date of birth, and sex?
  • 9.3. Does an expired credit card tell you anything about the former cardholder?
  • 9.4. Is your personal data safe with a company that promises not to sell it?
  • 9.5. Is there any privacy risk in revealing the last four digits of your SSN?
  • 9.6. How can missing data be an identification risk?
  • 9.7. What can go wrong if an ID number is computed from personal data?
  • 9.8. Can you identify someone from medical images?
  • 9.9. What can go wrong with posting photos?
  • 9.10. How can trying to protect your privacy backfire?
• 10. Online privacy
  • 10.1. Does the browser option “Do not track” help?
  • 10.2. What is browser fingerprinting?
  • 10.3. Does Tor protect your identity?