Why is the claim "data that look anonymous are often not" a foundational warning in data privacy?
Stripping names feels like anonymization, but combinations of leftover attributes can still single out individuals — apparent anonymity is not real anonymity.
This idea, associated with Harvard's Latanya Sweeney, is the thesis the whole field is built on. Sweeney famously showed that 87% of Americans could be uniquely identified by just three "harmless" attributes: 5-digit ZIP code, gender, and date of birth. None of those is a name, yet together they fingerprint almost everyone.
The lesson: anonymization is not about deleting the obvious identifiers. It's about reasoning over every attribute and every way they can be combined — within your dataset and against outside data — to re-pin a record to a person.
Tip: "Anonymous-looking" is a statement about how the data feels; "anonymous" is a statement about what an attacker can do. Only the second one counts.
Go deeper:
k-Anonymity: A Model for Protecting Privacy (Sweeney, 2002) — the primary paper behind the 87%-from-ZIP-gender-DOB result.
Data re-identification (Wikipedia) — surveys how "anonymous" releases keep getting reversed.