scholarly journals How Will Statistical Agencies Operate When All Data Are Private?

2017 ◽  
Vol 7 (3) ◽  
Author(s):  
John M Abowd
Keyword(s):  
Big Data ◽  
Privacy Protection ◽  
Disclosure Limitation ◽  
Dual Problems ◽  
Statistical Disclosure Limitation ◽  
Statistical Disclosure ◽  
Access Controls ◽  
Statistical Agencies ◽  
Paradigm Shifting ◽  
Two Sides

The dual problems of respecting citizen privacy and protecting the confidentiality of their data have become hopelessly conflated in the “Big Data” era. There are orders of magnitude more data outside an agency’s firewall than inside it—compromising the integrity of traditional statistical disclosure limitation methods. And increasingly the information processed by the agency was “asked” in a context wholly outside the agency’s operations—blurring the distinction between what was asked and what is published. Already, private businesses like Microsoft, Google and Apple recognize that cybersecurity (safeguarding the integrity and access controls for internal data) and privacy protection (ensuring that what is published does not reveal too much about any person or business) are two sides of the same coin. This is a paradigm-shifting moment for statistical agencies.

scholarly journals Privacy Protection from Sampling and Perturbation in Survey Microdata

2012 ◽  
Vol 4 (1) ◽  
Author(s):  
Natalie Shlomo ◽  
Chris J. Skinner
Keyword(s):  
Computer Science ◽  
Privacy Protection ◽  
Differential Privacy ◽  
Science Literature ◽  
Confidential Information ◽  
Social Surveys ◽  
Statistical Disclosure Limitation ◽  
Statistical Disclosure ◽  
Key Variables ◽  
Statistical Agencies

Statistical agencies release microdata from social surveys as public-use files after applying statistical disclosure limitation (SDL) techniques. Disclosure risk is typically assessed in terms of identification risk, where it is supposed that small counts on cross-classified identifying key variables, i.e. a key, could be used to make an identification and confidential information may be learnt. In this paper we explore the application of definitions of privacy from the computer science literature to the same problem, with a focus on sampling and a form of perturbation which can be represented as misclassification. We consider two privacy definitions: differential privacy and probabilistic differential privacy. Chaudhuri and Mishra (2006) have shown that sampling does not guarantee differential privacy, but that, under certain conditions, it may ensure probabilistic differential privacy. We discuss these definitions and conditions in the context of survey microdata. We then extend this discussion to the case of perturbation. We show that differential privacy can be ensured if and only if the perturbation employs a misclassification matrix with no zero entries. We also show that probabilistic differential privacy is a viable alternative to differential privacy when there are zeros in the misclassification matrix. We discuss some common examples of SDL methods where in some cases zeros may be prevalent in the misclassification matrix.

scholarly journals Statistical Disclosure Limitation: New Directions and Challenges

2018 ◽  
Vol 8 (1) ◽  
Author(s):  
Natalie Shlomo
Keyword(s):  
Data Dissemination ◽  
Differential Privacy ◽  
Synthetic Data ◽  
Remote Access ◽  
Disclosure Limitation ◽  
Disclosure Risk ◽  
Statistical Disclosure Limitation ◽  
Statistical Disclosure ◽  
Statistical Agencies ◽  
Definition Of

An overview of traditional types of data dissemination at statistical agencies is provided including definitions of disclosure risks, the quantification of disclosure risk and data utility and common statistical disclosure limitation (SDL) methods. However, with technological advancements and the increasing push by governments for openand accessible data, new forms of data dissemination are currently being explored. We focus on web-based applications such as flexible table builders and remote analysis servers, synthetic data and remote access. Many of these applications introduce new challenges for statistical agencies as they are gradually relinquishing some of their control on what data is released. There is now more recognition of the need for perturbative methods to protect the confidentiality of data subjects. These new forms of data dissemination are changing the landscape of how disclosure risks are conceptualized and the types of SDL methods that need to be applied to protect thedata. In particular, inferential disclosure is the main disclosure risk of concern and encompasses the traditional types of disclosure risks based on identity and attribute disclosures. These challenges have led to statisticians exploring the computer science definition of differential privacy and privacy- by-design applications. We explore how differential privacy can be a useful addition to the current SDL framework within statistical agencies.

Sign in / Sign up

Export Citation Format

Share Document