Once released to the public, data cannot be taken back. As time passes, data analytic techniques
improve and additional datasets become public that can reveal information about the original data. It follows that released data will get increasingly vulnerable to re-identification—unless
methods with provable privacy properties are used for the data release.
Due to the ad hoc de-identification methods applied to currently released datasets, the chances of
re-identification depend highly on the progress of re-identification tools and the auxiliary datasets available to an adversary. The probability of a privacy violation in the future is essentially
unknowable. In general, a precautionary approach deals with uncertain risk by placing the burden of proof that an action is not harmful on the person taking the action. Here, we argue for a
weak version of the precautionary approach, in which the idea that the burden of proof falls on
data releasers guides policies that incentivize them not to default to full, public releases of datasets using ad hoc de-identification methods.