This paper focuses on the re-identification of personal data and discusses the legal risks and management implications of big data transactions. A comprehensive empirical study of the Taiwanese courts' decisions regarding the de-identification of personal data is conducted. The findings indicate that the Taiwanese courts are unaware of the risk of re-identification. In the Student Information case, the university recognized that de-identified personal data poses a re-identification risk. However, the court stated that further elaboration on this concern was unnecessary, thereby missing a critical opportunity to pass a judgment that would address re-identification risk. In the Health Insurance case, the Supreme Administrative Court focused on procedural concerns regarding whether the de-identification process should be performed by the data provider or the recipient, and denied the plaintiff's argument about re-identification risk. This paper proposes that a validation measure for determining whether specific individuals may be identifiable based on partial personal data and whether this process makes the whole of their personal data obtainable would be suitable for use in assessments of re-identification risk. In light of the proposed method, the Supreme Administrative Court's complete negation of the evidentiary method proposed by the plaintiff is debatable. Regarding a possible mechanism to reduce the re-identification risk, this paper argues that for most research, absolute precision is not required, and that the ideal approach for de-identification is the ＂generalization treatment,＂ which can balance the protection of personal data privacy and data usability. In this approach, the data provider must validate the efficacy of de-identification before transactions to ensure that the de-identification process has completely eradicated or substantially reduced the re-identification risk, thereby reducing the infringement risk. To validate whether the de-identification of big data is reliable, several datasets belonging to known individuals must be examined to confirm whether the individuals may identified from the datasets.