Re-identification risk is the possibility that data believed to be de-identified can be linked back to a specific individual. It matters because privacy claims are weaker than they appear if supposedly safe data can still be tied back to real people through inference or external linkage.
What is Re-Identification Risk?
Risk depends on the dataset, the context, the attacker’s knowledge, the number of records, and what auxiliary information is available. It is a central consideration when sharing, masking, pseudonymizing, or anonymizing data.
What Re-Identification Risk Commonly Supports
Common uses include de-identification review, privacy engineering, analytics governance, data sharing, and research approvals.
Re-Identification Risk vs. Assumed Safe De-Identification
Re-identification risk acknowledges that de-identified data may still be linkable. Assumed safety ignores that possibility without meaningful analysis.
Frequently Asked Questions
Why does re-identification happen?
Because combinations of seemingly harmless fields can often become identifying when paired with other data sources.
Can risk ever be zero?
Rarely in an absolute sense. The goal is usually to reduce practical risk to an acceptable level.
Related Cybersecurity Terms
