By Seth Borenstein and Jack Gillum - Associated Press
The study out of the Massachusetts Institute of Technology, published Thursday in the journal Science, examined three months of credit card records for 1.1 million people.
"We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of MIT said in an email. His research found that adding just a glimmer of information about a person from an outside source was enough to identify him or her in the trove of financial transactions they studied.
Companies routinely strip away personal identifiers from credit card data when they share information with outsiders, saying the data is now safe because it is "anonymized." But the MIT researchers showed that anonymized isn't quite the same as anonymous.
Drawing upon a sea of data in an unnamed developed country, the researchers pieced together available information to see how easily they could identify somebody. They looked at information from 10,000 shops, with each data piece time-stamped to calculate how many pieces of data it would take on average to find somebody, said study lead author Yves-Alexandre de Montjoye, also of MIT.
In this case the experts needed only four pieces, three if price is involved.