Paul Ohm has a terrific new paper out on SSRN, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization (forthcoming in UCLA Law Review). It discusses how statistical techniques have made it increasingly easy to re-identify anonymized data sets, and to apply that information to other identification problems (for example, taking information from one’s movie ratings on Netflix and using it to figure out someone’s Facebook friends). This change in statistical power – enhanced by readily available computer computational power – undermines the exceptions embedded in many privacy regimes (think HIPAA) for anonymized data. Paul’s piece is an easy and powerful read. I’m going to assign it in my Information Privacy class next year, and it has changed how I think about regulating privacy. Highly recommended.