1. Kallukaran P, Kagan J. Data mining at IMS Health: how we turned a mountain of data into a few information-rich molehills [presentation]. Proceedings of 24th Annual SAS Users Group International Conference; Apr11–14; Miami Beach (FL). 1999. Paper 127.
2. Foley J. An overview of the research value of administrative data from private sector drug plans [presentation]. 9th World Conference on Clinical Pharmacology and Therapeutics; Jul 27–Aug 1; Québec (QC). 2008.
3. Zoutman D, Ford B, Bassili A. The confidentiality of patient and physician information on pharmacy prescription records. CMAJ. 2004;170(5):815–816. [PMC free article] [PubMed]
4. Zoutman D, Ford B, Bassili A. Privacy of pharmacy prescription records [letter: author response] CMAJ. 2004;171(7):712.
5. Porter C. De-identified data and third party data mining: the risk of re-identification of personal information Shidler J Law Comm Technol 2008. 51Article 3.
6. Perun H, Orr M, Dimitriadis F. Guide to the Ontario Personal Health Information Protection Act. Toronto (ON): Irwin Law; 2005.
7. MedMap drug utilization program: program overview 2008. Ottawa (ON): Brogan Inc; 2008.
8. Hansell S. AOL removes search data on group of web users. New York Times. 2006 Aug 8;:C4. [PubMed]
9. Barbaro M, Zeller T., Jr A face is exposed for AOL searcher no. 4417749. New York Times. 2006 Aug 9;:A1.
10. Zeller T., Jr AOL moves to increase privacy on search queries. New York Times. 2006 Aug 22;
11. Ochoa S, Rasmussen J, Robson C, Salib M. Reidentification of individuals in Chicago’s homicide database: a technical and legal study. Cambridge (MA): Massachusetts Institute of Technology; 2008.
12. Narayanan A, Shmatikov V. Robust de-anonymization of large datasets (how to break anonymity of the Netflix prize dataset) Austin (TX): University of Texas at Austin; 2008.
13. Sweeney L. Computational disclosure control: a primer on data privacy protection. Cambridge (MA): Massachusetts Institute of Technology; 2001.
14. Southern Illinoisan v. Department of Public Health (Ill. App. Dist. 5, 2004).
15. Southern Illinoisan v. Illinois Department of Public Health (Ill. 2006).
16. Mike Gordon v. The Minister of Health (2006), 2008 FC 258. Affidavit of Bill Wilson.
17. Data loss database—2008 yearly report. Glen Allen (VA): Open Security Foundation; 2008.
18. Verizon Business Risk Team 2008 data breach investigations report. Verizon; 2008.
19. Yolles B, Connors J, Grufferman S. Obtaining access to data from government-sponsored medical research. N Engl J Med. 1986;315(26):1669–1672. [PubMed]
20. Cecil J, Boruch R. Compelled disclosure of research data: an early warning and suggestions for psychologists. Law Hum Behav. 1988;12(2):181–189.
21. El Emam K, Dankar F. Protecting privacy using k-anonymity. J Am Med Inform Assoc. 2008;15(5):627–637. [PMC free article] [PubMed] 22. El Emam K, Jabbouri S, Sams S, Drouet Y, Power M. Evaluating common de-identification heuristics for personal health information. J Med Internet Res. 2006;8(4):e28. [PMC free article] [PubMed]
23. Gross R, Acquisti A. Information revelation and privacy in online social networks (the Facebook case) [presentation] De Capitani di Vimercati S, Dingledine R, editors. Proceedings of the Workshop on Privacy in the Electronic Society 2005. November7Alexandria (VA)New York (NY)The Association for Computing Machinery; 2005. 71–80.80.
24. Dwyer C, Hiltz S. Trust and privacy concern within social networking sites: a comparison of Facebook and MySpace [presentation] Proceedings of the Americas Conference on Information Systems2007. Aug 9–12Keystone (CO)Paper 339.
25. Sweeney L. Achieving k-anonymity privacy protection using generalization and suppression. Int J Uncertain Fuzziness Knowl Based Syst. 2002;10(5):571–588.
26. Duncan G, Jabine T, de Wolf S. Private lives and public policies: confidentiality and accessibility of government statistics. Washington (DC): National Academies Press; 1993.
27. de Waal A, Willenborg L. A view on statistical disclosure control for microdata. Surv Methodol. 1996;22(1):95–103.
28. Cancer Care Ontario data use and disclosure policy. Toronto (ON): Cancer Care Ontario; 2005.
29. Security and confidentiality policies and procedures. Saskatoon (SK): Health Quality Council; 2004.
30. Privacy code. Saskatoon (SK): Health Quality Council; 2004.
31. Privacy code. Winnipeg (MB): Manitoba Centre for Health Policy; 2002.
32. Federal Committee on Statistical Methodology, Subcommittee on Disclosure Limitation Methodology Report on statistical disclosure control. Working Paper 22. Washington (DC)Office of Management and Budget; 1994.
34. El Emam K. Heuristics for de-identifying health data. IEEE Secur Priv. 2008 Jul-Aug;:72–75.
35. Ciriani V, De Capitani di Vimercati S, Samarati P. k-Anonymity. In: Yu T, Jajodia S, editors. Secure data management in decentralized systems. New York (NY): Springer; 2007.
36. El Emam K, Dankar F, Issa RJ, Jonker E, Amyot D, Cogo E, et al. A globally optimal k-anonymity method for the de-identification of health data. J Am Med Inform Assoc. Forthcoming in 2009.
37. Samarati P. Protecting respondents’ identities in microdata release. IEEE Trans Knowl Data Eng. 2001;13(6):1010–1027.
38. Trottini M.Assessing disclosure risk and data utility: a multiple objectives decision problem. UNECE/Eurostat Work Session on Statistical Data Confidentiality; 2003. Working Paper 19.
39. Sweeney L. Achieving k-anonymity privacy protection using generalization and suppression. Int J Uncertain Fuzziness Knowl Based Syst. 2002;10(5):18.
40. Bayardo R, Agrawal R. Data privacy through optimal k-anonymization; Proceedings of 21st International Conference on Data Engineering; 2005 Apr 5–8; Tokyo (Japan); Los Alamitos (CA): IEEE Computer Society; 2005. pp. 217–228.
41. LeFevre K, DeWitt D, Ramakrishnan R. Mondrian multidimensional k-anonymity Barga RS, Zhou X, editors. Proceedings of 22nd International Conference on Data Engineering; 2006 Apr 3–8; Atlanta (GA) Los Alamitos (CA)IEEE Computer Society; 2006. 25.
42. Hore B, Jammalamadaka R, Mehrotra S. Proceedings of SIAM International Conference on Data Mining; 2007 Apr 26–28; Minneapolis (MN) Philadelphia (PA): Society for Industrial and Applied Mathematics; 2007. Flexible anonymization for privacy preserving data publishing: a systematic search based approach; pp. 497–502.
43. Xu J, Wang W, Pei J, Wang X, Shi B, Fu A. Utility-based anonymization for privacy preservation with less information loss. ACM Spec Int Group Knowl Discov Data Explor Newsl. 2006;8(2):21–30.
44. Nergiz M, Clifton C. Thoughts on k-anonymization. Data Knowl Eng. 2007;63(3):622–643.
45. Polettini S. A note on the individual risk of disclosure. Rome (Italy): Istituto nazionale di statistica; 2003.
46. Machanavajjhala A, Gehrke J, Kifer D, Venkitasubramaniam M. L-diversity: privacy beyond k-anonymity. ACM Trans Knowl Disc Data. 2007;1(1) Article 3.
47. Aggarwal G, Feder T, Kenthapadi K, Motwani R, Panigrahy R, Thomas D, et al. Proceedings of the 10th International Conference on Database Theory; 2005 Jan 5–7; Edinburgh (UK) New York (NY): Springer; 2005. Anonymizing tables. Lecture Notes in Computer Science 3363; pp. 246–258.
48. Little R, Rubin D. Statistical analysis with missing data. New York (NY): John Wiley & Sons; 1987.
49. Eguale T, Bartlett G, Tamblyn R. Rare visible disorders/diseases as individually identifiable health information. Proceedings of the American Medical Informatics Association Symposium; Oct 22–26; Washington (DC). 2005. p. 947.
50. Guidance document: taking privacy into account before making contracting decisions. Ottawa (ON): Treasury Board of Canada Secretariat; 2006.
51. Privacy impact assessment guidelines: a framework to manage privacy risks. Ottawa (ON): Treasury Board of Canada Secretariat; 2002.
52. Canadian Institute for Health Information privacy tool kit. Ottawa (ON): Canadian Institute for Health Information; 2003.
53. Privacy and confidentiality of health information at CIHI: principles and policies for the protection of personal health information 2007. Ottawa (ON): Canadian Institute for Health Information; 2007.
54. CIHR best practices for protecting privacy in health research. Ottawa (ON): Canadian Institutes of Health Research; 2005.
55. COACH guidelines for the protection of health information. Toronto (ON): Canadian Organization for Advancement of Computers in Health; 2006.
56. Collins P, Slaughter P, Roos N, Weisbaum KM, Hirtle M, Williams JI, et al. Privacy best practices for secondary data use: harmonizing research and privacy. Toronto (ON): Institute for Clinical Evaluative Sciences; 2006.