In Redaction and Re-identification Risk, Attorney Peter Guffin, Pierce Atwood’s Privacy and Data Security Practice Group Chair, explains that
“[i]n today’s big data world, given the sophistication of data handlers, it is well-recognized that de-identification alone is not enough to prevent re-identification of individuals, and the SJC’s reliance on it promotes a false sense of security. The risk of re-identification of individuals from purportedly de-identified databases is significant. ….
In its proposed electronic court records access rules, the Maine Supreme Judicial Court (SJC) imposes on litigants new and extensive filing obligations, including requiring litigants to redact certain categories of sensitive personal information. Regardless of what one might think about the wisdom of placing this burden on litigants, it is important to ask what the SJC hopes to achieve by this requirement. Even assuming full compliance, which is doubtful, redaction as a de-identification technique, without more, would be wholly inadequate to protect the privacy of Maine citizens. ….
In crafting rules addressing electronic court records access, given the significant risk of re-identification, the SJC will need to do much more than simply impose redaction responsibility on litigants if it hopes to protect the privacy of Maine citizens.”
See the full post below
This post is part of a series examining privacy and transparency issues in the context of public access to digital court records building on Peter Guffin’s essay “Digital Court Records Access, Social Justice and Judicial Balancing: What Judge Coffin Can Teach Us”
The full series can be found at:
The Privacy Law Perspectives Blog