Comments for My Place in the Crowd

Comment on What does it take to be an IAPP-certified privacy professional? What should it take? by Yash

Yash — Wed, 26 Sep 2012 04:59:06 +0000

HI Grace,
Many congrats for your great success. I was planing for CIPP and need your help for study material. Please let me know if any guide available online for download or i should purchase the same.
Also request for any study links if any you have used for your study.

Regards
Yash

Comment on What does it take to be an IAPP-certified privacy professional? What should it take? by Diane Miller

Diane Miller — Wed, 27 Jun 2012 02:52:48 +0000

Hi Grace —

Congrats on the bar and the CIPP certification!

Was there any particular topics you felt like you weren’t prepared for by reading the material? And were the questions clearly written?

Thanks.

Comment on Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret by Daniel

Daniel — Mon, 12 Mar 2012 21:40:20 +0000

Is this actually legit? I also got a email form melbourneIT, but i can’t remember me ever using their services. Also, in my email they just call me “Dear Registrant” and don’t use any personalized data in the email, except domainname and my email address.

I remember getting a snail mail letter a few years ago that did look like an invoice but was a dodgy “sign here and we transfer the domain to us for a yearly fee of $70″ (compared to the $9 or $19 i pay) domain transfer form from some Australian company, but I’m not sure if this was also melbourneIT or not…

Comment on “Data” as a mainstream consumer good? 2 approaches. by How representative are PatientsLikeMe patients to the general population? | PatientsLikeMe for Partners Blog

Wed, 21 Sep 2011 16:49:24 +0000

[...] Data Project blog posed some interesting questions about data in our communities: Back in April, I wrote about the site PatientsLikeMe.com, which provides a wonderful new service that allows individual [...]

Comment on Stand up and be counted! by How representative are PatientsLikeMe patients to the general population? | PatientsLikeMe for Partners Blog

Wed, 21 Sep 2011 16:48:59 +0000

[...] Yin over at The Common Data Project blog posed some interesting questions about data in our communities: Back in April, I wrote about [...]

Comment on Should Pharma have access to doctors’ prescription records? by Diane

Diane — Tue, 26 Apr 2011 16:48:11 +0000

Timely blog, article on NPR:
http://www.npr.org/2011/04/26/135703500/supreme-court-weighs-whether-to-limit-data-mining

Comment on PINQ Privacy Demo by Tony Gibbon

Tony Gibbon — Thu, 21 Apr 2011 22:44:27 +0000

Hi Aaron, thanks for the question – I’m not sure I follow the scenario you’re referring to for the Facebook app.

PINQ and differential privacy function by returning noisy answers on aggregate questions. If, for example, I’m creating the super-duper-movie-recommender app, my app (as you point out) needs specific users’ lists of movies in order to function, so I don’t see an application of differential privacy there. I also don’t really see any need for anonymization at the point of the “get movies” question. It reminds me of signing up for an account at Amazon—I give them my address and while I certainly don’t want them to release it, they obviously need my exact address in order to provide the service.

Perhaps after you have a database of users and their favorite movies, you could use an anonymization method. Let’s say my app has a very simple, naïve recommender algorithm, which takes my two favorite movies and provides a list of recommendations by taking the set of people who share my favorites, and then for each movie, counting the number of people in that set who also like that movie.

Let’s say your two favorite movies are Star Wars and The Muppet Movie. Those are in my list too! So your recommendations would include all of my favorite movies with frequency at least 1 (depending on how many other people in the set liked that movie).

Here’s where something like differential privacy could possibly come into play. Let’s say one of my favorites is Follow That Bird and that creates a unique combination so it would only have frequency 1. If we use differential privacy to add noise to these counts, the noisy frequencies mean that a frequency near 1 is indistinguishable from a frequency near 0, thus making it impossible to deduce whether or not Follow That Bird is actually a recommendation. On the other hand, if 100 people in your set also like Return of the Jedi, its noisy frequency will be near 100. You won’t be able to tell if it’s actually 100 people vs. 99 or 101, but you’ll know that a lot more people also like it as compared to the movies with much lower noisy answers.

That’s a toy example to demonstrate differential privacy vs. ‘make this set private.’ You should also check out Graham Cormode’s work on “Anonymization and Uncertainty in Social Network Data”, which deals with introducing uncertainty into a graph, and then allows for more ‘hand’s on’ analysis than just returning noisy aggregates.

http://blog.myplaceinthecrowd.org/2010/06/10/exploding-manholes-and-anonymizing-relationships-at-ccicada/

Comment on Measuring the privacy cost of “free” services. by Aaron Beach

Aaron Beach — Wed, 30 Mar 2011 17:25:42 +0000

A comment/counter-example on point #4

“The services collecting and using data don’t really care about you the individual, they only care about trends and aggregates.”

Facebook applications *probably* constitute the most prevalent/common form of personal data release [period] and magnitude of data (30 million objects and approximately 1 trillion relationships created per month). And in almost all cases in which personal data is used for a legitimate reason (including advertising) the application IS interested primarily in the individual and only in the trends/aggregates to the extent that they distinguish the individual.

Comment on PINQ Privacy Demo by Aaron Beach

Aaron Beach — Wed, 30 Mar 2011 17:16:05 +0000

I’ve been working on integrating anonymization into social network applications (Facebook Apps). The common questions asked in these applications are “get friends”, “get movies”, or get profile (basic name/education/employment info). I was wondering how pinq/differential privacy would be applied to such questions. Most applications do not care about the data distribution or noise, they simply want a list of strings (movie names / friends) to integrate into their application.

So for example, If I like movies A, B, C, and D which together identify me, could I use pinq to anonymize this set and return something to the application that doesn’t identify me?

Comment on In The Mix…predicting the future; releasing healthcare claims; and $1.5 millions awarded to data privacy by Adam Smith

Adam Smith — Fri, 03 Dec 2010 06:39:03 +0000

The Purdue award is not the only large award of this type funded recently by the NSF. For example, this large award in three parts (Penn State, Cornell, Carnegie-Mellon):

http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0941553
http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0941226
http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0941518

There were also quite a few smaller awards (on the order of $300k-$500k) handed out by the Trustworthy Computing program over the last few years on topics closely related to data privacy (and even specifically on differential privacy).

And Brad Malin from Vanderbilt, who works on the confidentiality of medical information, was nominated this year for a PECASE (Presidential Early Career Award for Scientists and Engineers) by the NIH.

All in all, the federal funding agencies seem to have recognized the importance of the topic…