Reidentification

---

• Readings:
  • Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010)
• Notes: This paper is a classic in the genre of arbitraging technical scholarship into law-review scholarship. We’ll ask whether it deserves that celebrated status, and if so, what Ohm does right.
• Questions:
  1. Why does privacy law treat “personally identifiable data” (PII) differently than other kinds of data?
  2. What defines whether data is PII?
  3. What is reidentification, and how big a problem is it?
  4. What should privacy law do, in light of the reidentification techniques Ohm discusses?
  5. How does Ohm present and summarize the technical material?
  6. How does Ohm organize the legal material?
  7. How does Ohm relate the technical material to the legal material?
• Additional Resources:
  • Paul Ohm, The Rise and Fall of Invasive ISP Surveillance, 2009 University of Illinois Law Review 1417. An earlier Ohm piece in the same genre.