She said organizations should consider security and privacy risks before they even begin data collection. Among questions to ask are: "Who might want to steal this data? What could they do with it if they were successful? What is the minimum data set required to accomplish the goal? How can this data set be most effectively secured?"
Hall advocates more use of techniques like RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) techniques, which allows, "statistics to be collected on the population of client-side strings with strong privacy guarantees for each client, and without linkability of their reports," according to researchers at Cornell University.
That, he said, "can result in win-win in terms of collection of data and analysis with few implications for privacy."
But the bottom line is that there is not a way to guarantee anonymity. "Even if we applied today's cutting edge anonymization techniques across the board," Finch said, "five years from now new technologies and new data sets could potentially make that data re-identifiable."
Sign up for CIO Asia eNewsletters.