Bob Gellman always provides a lot of food for thought (see, for example, his recent comment on another post and the article he links to). Another one of his papers, mentioned in a past post, is now published in the Fordham Intellectual Property, Media & Entertainment Law Journal (2011, vol 21, 33-61) and is available online: The Deidentification Dilemma: A Legislative and Contractual Proposal. Here’s the abstract:
Deidentification is one method for protecting privacy while permitting other uses of personal information. However, deidentified data is often still capable of being reidentified. The main purpose of this article is to offer a legislative-based contractual solution for the sharing of deidentified personal information while providing protections for privacy. The legislative framework allows a data discloser and a data recipient to enter into a voluntary contract that defines responsibilities and offers remedies to aggrieved individuals.
Thanks to the World Privacy Forum for making me aware of this.