Nate Anderson writes:
The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release “anonymized” data on state employees that showed every single hospital visit. The goal was to help researchers, and the state spent time removing all obvious identifiers such as name, address, and Social Security number. But a graduate student in computer science saw a chance to make a point about the limits of anonymization.
Latanya Sweeney requested a copy of the data and went to work on her “reidentification” quest. It didn’t prove difficult.
Read more on Ars Technica