Inferensys

Glossary

Quasi-Identifier (QID)

A quasi-identifier (QID) is a set of non-sensitive attributes that, when combined with external data, can uniquely or nearly uniquely identify an individual record within a dataset.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
De-identification Pipelines

What is a Quasi-Identifier (QID)?

A quasi-identifier (QID) is a set of non-sensitive attributes that, when combined with external data, can uniquely or nearly uniquely identify an individual record within a dataset.

A quasi-identifier (QID) is a set of non-sensitive attributes—such as date of birth, gender, or postal code—that do not directly identify an individual but can be linked with external datasets to re-identify records. Unlike direct identifiers like names or social security numbers, QIDs appear innocuous in isolation but become high-risk when combined, enabling adversaries to perform linkage attacks against supposedly anonymized data.

In privacy-preserving machine learning, managing QIDs is the core challenge of de-identification pipelines. Techniques like k-anonymity and generalization hierarchies are applied to QID attributes to ensure each record is indistinguishable from at least k other records. Failure to properly identify and transform QIDs before model training or data sharing undermines the entire privacy posture, as demonstrated by the famous re-identification of the Massachusetts Group Insurance Commission dataset using only ZIP code, birth date, and sex.

ANATOMY OF A QID

Core Characteristics of Quasi-Identifiers

Quasi-identifiers are not direct identifiers like names or social security numbers, but their combinatorial power makes them the central challenge in de-identification pipelines. Understanding their core characteristics is essential for implementing robust privacy models.

01

Combinatorial Linkability

A single quasi-identifier is rarely identifying on its own. The privacy risk emerges from the intersection of multiple attributes. An adversary links QIDs across datasets using a linkage key formed by concatenating attributes like ZIP code, gender, and date of birth. This is the foundational principle behind re-identification attacks demonstrated by Sweeney and others, where over 87% of the U.S. population becomes unique using only three attributes.

87%
U.S. population unique with ZIP, gender, DOB
02

Context-Dependent Sensitivity

An attribute's status as a quasi-identifier is not intrinsic; it depends entirely on the availability of external datasets. A diagnosis code might be a QID in a small town with a public health registry but not in a large anonymized metropolitan dataset. This requires privacy engineers to perform adversarial modeling against known auxiliary data sources like voter rolls, property records, and social media profiles.

Contextual
Risk is relative to available auxiliary data
03

Granularity and Uniqueness

The identifying power of a QID is inversely proportional to its granularity. A full date of birth is far more identifying than a birth year. De-identification techniques like generalization and suppression systematically reduce granularity to create equivalence classes of size k. The goal is to ensure each record is indistinguishable from at least k-1 others, directly addressing the singling-out risk.

k ≥ 5
Common minimum equivalence class size
04

Temporal Persistence

Unlike passwords or tokens, most quasi-identifiers are immutable or slowly changing over a lifetime. Date of birth, place of birth, and ethnicity are permanent. This temporal persistence means a de-identified dataset released today remains vulnerable to future re-identification as new auxiliary datasets become available. Privacy budgets must account for this long-term risk horizon.

Permanent
Risk window for immutable attributes
05

Separation from Sensitive Attributes

In privacy models like k-anonymity and l-diversity, a strict logical separation exists between QIDs and sensitive attributes. QIDs are the attributes available to an adversary for linkage, while sensitive attributes like medical conditions or salaries are what the adversary seeks to discover. This distinction is critical: protecting QIDs prevents re-identification, while protecting sensitive attributes prevents attribute disclosure within an identified equivalence class.

QID vs. SA
Core distinction in privacy models
06

Statistical Fingerprinting

Even when individual QIDs are generalized, the joint distribution of attributes can create a unique fingerprint. A combination of rare attributes—even in broad categories—can single out an individual. This is the attack vector addressed by t-closeness, which requires the distribution of sensitive values within any equivalence class to mirror the overall dataset distribution, preventing skewness attacks that exploit statistical outliers.

t-closeness
Defense against distributional attacks
DECODING QIDS

Frequently Asked Questions About Quasi-Identifiers

Clear, technical answers to the most common questions about quasi-identifiers, their role in re-identification risk, and how they are managed in modern de-identification pipelines.

A quasi-identifier (QID) is a set of non-sensitive attributes that, when combined with external data, can uniquely or nearly uniquely identify an individual record within a dataset. Unlike direct identifiers (e.g., name, social security number), a single QID attribute like gender or ZIP code is not identifying on its own. However, the linking power emerges from their combination. For example, the triplet of Date of Birth, Gender, and 5-digit ZIP Code has been shown to uniquely identify 87% of the U.S. population. QIDs work by enabling linkage attacks, where an adversary cross-references the QID attributes in a de-identified dataset with a publicly available identified dataset (like voter rolls) to re-identify individuals. The formal identification of QIDs is the foundational step in applying privacy models like k-anonymity.

IDENTIFIABILITY TAXONOMY

Direct Identifiers vs. Quasi-Identifiers

A comparison of attributes that directly name an individual versus those that require combination with external data to achieve singling out.

FeatureDirect IdentifiersQuasi-Identifiers (QIDs)

Definition

Attributes that uniquely and immediately name a specific individual without additional context.

Attributes that do not name an individual alone but can uniquely identify when linked with external datasets.

Re-identification Mechanism

Direct lookup; no inference required.

Linkage attack using auxiliary information to narrow equivalence classes.

Examples

Full name, Social Security Number, email address, passport number, biometric template.

Date of birth, ZIP code, gender, occupation, marital status, census tract.

HIPAA Safe Harbor Treatment

Must be removed entirely (18 specific identifiers listed).

Not explicitly listed; risk assessed via Expert Determination or statistical de-identification.

Primary Mitigation Strategy

Suppression, pseudonymization, or tokenization.

Generalization, suppression, or achieving k-anonymity within equivalence classes.

Uniqueness in Population

Guaranteed unique by design (e.g., SSN is a 1:1 mapping).

Context-dependent; 87% of the U.S. population is uniquely identifiable by {DOB, ZIP, Gender}.

Utility Trade-off

Low analytical utility loss when removed; rarely essential for statistical analysis.

High analytical utility; over-suppression or coarse generalization destroys data usefulness.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.