@@ -16,4 +16,4 @@ Identifiers are commonly generated when the entry is first created. Once availab
...
@@ -16,4 +16,4 @@ Identifiers are commonly generated when the entry is first created. Once availab
Common access to a traditional `Id` column is a privacy hazard when access to other data is restricted. For example, financial service professionals may be allowed to read the table's `BankAccountNr`, while medical personnel may be granted access to their `LastDoctorVisit`. But if an accountant and a doctor compare notes, they can build a combined data set on the basis of their common `Id` values. This will provide them with *a combination of* financial and medical information that no one has been granted access to.
Common access to a traditional `Id` column is a privacy hazard when access to other data is restricted. For example, financial service professionals may be allowed to read the table's `BankAccountNr`, while medical personnel may be granted access to their `LastDoctorVisit`. But if an accountant and a doctor compare notes, they can build a combined data set on the basis of their common `Id` values. This will provide them with *a combination of* financial and medical information that no one has been granted access to.
Such "data blending" has been the subject of much debate, a.o. in the context of user profiling on the Internet. PEP addresses this issue by using a different type of ID.
Such "data blending" has been the subject of much debate, a.o. in the context of user profiling on the Internet. PEP addresses this issue by using a different type of identifier.
