Confronting the Cyber Risks of Re-identification Attacks in Governmental Personal Data Transfers: Theory and Practice in Israel

PI: Prof. Tal Zarsky. 

Confronting the Cyber Risks of Re-identification Attacks in Governmental Personal Data Transfers: Theory and Practice in Israel: Anonymization generates key questions with which policymakers and scholars from a variety of fields are currently struggling. In Israel, however, this issue has received very limited regulatory and academic attention. This proposal focuses on legal issues underlying the protection of anonymized data from de-anonymization (or re-identification) attacks in Israel and in accordance to Israeli law. Such attacks might origin from external adversaries (such as one of Israel's enemies), business entities or even internal parties with the government. This proposal is concerned with possible attacks on centralized anonymized databases and the lack of harmonization in dealing with this challenge. Using de-anonymization tools hackers could potentially gain access to sensitive information in large magnitude. This risk is imminent in light of concerns raised by scholars as to the ability to truly anonymize data. Thus, the main question this proposal wishes to examine is how should governmental agencies prepare themselves in light of the cyber threats to sensitive data? What are the boundaries of their actions and what steps must they consider?