Information Leakage in Data Linkage

TL;DR

This paper examines potential information leaks in traditional and privacy-preserving data linkage methods, highlighting vulnerabilities and offering recommendations to enhance security in sensitive data integration.

Contribution

It provides a comprehensive analysis of leakage risks in PPRL protocols and offers practical guidelines to prevent vulnerabilities in real-world data linkage applications.

Findings

PPRL protocols can still leak sensitive information unintentionally.

Organizational challenges in implementing PPRL are significant.

Recommendations improve security and reduce leakage risks.

Abstract

The process of linking databases that contain sensitive information about individuals across organisations is an increasingly common requirement in the health and social science research domains, as well as with governments and businesses. To protect personal data, protocols have been developed to limit the leakage of sensitive information. Furthermore, privacy-preserving record linkage (PPRL) techniques have been proposed to conduct linkage on encoded data. While PPRL techniques are now being employed in real-world applications, the focus of PPRL research has been on the technical aspects of linking sensitive data (such as encoding methods and cryptanalysis attacks), but not on organisational challenges when employing such techniques in practice. We analyse what sensitive information can possibly leak, either unintentionally or intentionally, in traditional data linkage as well as PPRL protocols, and what a party that participates in such a protocol can learn from the data it obtains legitimately within the protocol. We also show that PPRL protocols can still result in the unintentional leakage of sensitive information. We provide recommendations to help data custodians and other parties involved in a data linkage project to identify and prevent vulnerabilities and make their project more secure.