Presentation is loading. Please wait.

Presentation is loading. Please wait.

Statistical confidentiality and privacy. 2. Case study: IPUMS-International www.ipums.org/international * * * Robert McCaa Minnesota Population Center.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Statistical confidentiality and privacy. 2. Case study: IPUMS-International www.ipums.org/international * * * Robert McCaa Minnesota Population Center."— Presentation transcript:

1 Statistical confidentiality and privacy. 2. Case study: IPUMS-International www.ipums.org/international * * * Robert McCaa Minnesota Population Center rmccaa@umn.edu www.ipums.org/international rmccaa@umn.edu www.ipums.org/international rmccaa@umn.edu “ Inadequate use of microdata has high costs ” --Len Cook (2003, registrar general, ONS)

2 MPC: largest provider of integrated microdata to trusted, non-commercial researchers International (census) USA (census) Employment History (19 th c.) GIS Health Time-Use

3 IPUMS-Global (first 10 years) dark green = integrated and disseminating (44 countries, 130 censuses, 279 millon person records) green = to be integrated (35 countries, 90 censuses, 150 mill.) Mollweide projection Inventory: * = IPUMS confidentiality protocols used See “Inventory” handout

4 1. IPUMS: A restricted access, web-based microdata dissemination system 2. IPUMS: The trusted user/institution approach » A. Legal Disclosure Controls » B. Administrative Disclosure Controls » C. Technical Disclosure Controls » Example: Saint Lucia, 1991 3. IPUMS Assessments (2007): » UN-ECE Case Study » Trewin on-site evaluation Outline: IPUMS statistical confidentiality methods

5 1. IPUMS-International: Goals 1. Inventory census microdata and documentation, world-wide 2. Recover and preserve at-risk microdata 3. Integrate census microdata and documentation 4. Disseminate--without cost--extracts of samples to bona-fide researchers worldwide, regardless of country of birth, citizenship or residence. » Sustained funding 1999-2015—6 grants of 5 years duration: » National Science Foundation (USA): 3 successive grants » National Institutes of Health (USA): Latin America, Europe, Eur-Asia

6 IPUMS-International: a restricted-access, web-based microdata extraction system » Researcher licensed to access microdata: 1/3 rejected » NO: Public access, source files, or complete datasets » Licensed researcher selects: » Countries, » Censuses, » Cases/sub-populations, » Variables, and sample densities » Extract engine queues request, generates extract » Password protected: to make and retrieve extracts » Researcher retrieves extract via web with SSL 128-bit encryption and analyzes using own wares (soft/hard/wet)

7 6 steps using www.ipums.org/international: 1. Logon w/ password 2a. Study documentation 2b. Design extract 3. Receive email; logon with p/word 4. Download extract (SSL encrypted) 5. UnZip data (also SAS, STATA) 6. Analyze See “10 tips” handout

8 IPUMS-International: world’s largest disseminator of integrated microdata to trusted, non-commercial researchers » 1999: Founded by Steven Ruggles and Bob McCaa, –restrict access to trusted users, and apply corresponding confidentiality techniques » 2002: 1 st release of integrated samples for 7 countries; >200 users in first year » Big success! 80+ countries signed; 70+ entrusted microdata to IPUMS, datasets for more than 250 censuses, >180 entire datasets » 2006…

9 IPUMS-International: world’s largest disseminator of integrated microdata to trusted, non-commercial researchers » 1999: Founded » 2006, 3 rd release: » data for 20 countries, samples for 63 censuses, » 185 million person records, » >1,000 users » 2010, 7 th release: » data for ~50 countries, samples for ~160 censuses » ~300 million person records » >4,000 users » Note: data extracts are provided only to licensed users.

10 2. IPUMS-International The “trusted-user/institution” approach to disseminating integrated, anonymized microdata extracts Disclosure Controls: A. Legal: Memorandum with NSI B. Administrative: License with researchers C. Technical: Sample, Data modifications

11 3 kinds of confidentiality protections: A. Legal: Dissemination agreement between University of Minnesota and each National Statistical Institute » Uniform 11 point Memorandum of Understanding regarding: ownership, use, authorization, restrictions, confidentiality, security, publication, violations, sharing, arbitration, and order of precedence B. Administrative: conditional use license between the University of Minnesota and each researcher » Permission to use restricted access microdata, 3 criteria: research need, research competence, and agree to abide by conditions of use license C. Technical data protection measures » Specific to each country …/

12 A. NSI with U of Minnesota

13 A. NSI with U. of Minnesota

14 3 kinds of confidentiality protections: A. Legal: Dissemination agreement between University of Minnesota and each National Statistical Institute » Uniform 11 point Memorandum of Understanding regarding: ownership, use, authorization, restrictions, confidentiality, security, publication, violations, sharing, arbitration, and order of precedence B. Administrative: conditional use license between the University of Minnesota and each researcher » Permission to use restricted access microdata, 3 criteria: research need, research competence, and agree to abide by conditions of use license C. Technical data protection measures » Specific to each country …/

15 Legally-binding license agreement » forces would-be intruder to violate law by which they can be fined and/or jailed » Researcher’s institution sanctioned » protects privacy and confidentiality » assures proper use Access limited to: » Bona-fide researchers (credentials) » With a demonstrated scientific need » who agree to abide by license restrictions » Confidentiality » No redistribution » Safely secured » Alleging that a person has been identified is prohibited B. License with researchers Restricted Access web-based system LICENSELICENSELICENSELICENSE IPUMSiIPUMSiIPUMSiIPUMSi

16 Legally-binding license agreement » forces would-be snoopers to violate law » protects privacy and confidentiality » assures proper use Access limited to: » Bona-fide researchers (credentialed) » with demonstrated scientific need » who agree to abide by license restrictions » Confidentiality » No redistribution, no commercial use » Data safely secured » Alleging that a person can be or has been identified is a violation B. License with researchers Restricted Access web-based system LICENSELICENSELICENSELICENSE IPUMSiIPUMSiIPUMSiIPUMSi

17

18

19 “Apply for Access”

20

21

22

23

24 Must click acceptance of each restriction to gain access.

25 End of application

26 C. 9 Technical Disclosure Controls (Thorogood, 1999) 1. Restrict access to samples 2. Limit geographical detail 3. Recode sparse categories 4. Truncate top and bottom codes 5. Construct age from birthdate, if necessary 6. Suppress: date of birth, precise place of birth 7. Migration: timing/place not identified in detail 8. Identify place of residence by major civil division (pop>20k, 60k, 100k, 250k, 1 million—i.e., national convention) 9. Suppress any sensitive variable requested by NSI

27 C. Technical Disclosure Controls Example: Saint Lucia, 1991 Census 1. Restrict access to samples: 10% (13,405 persons) 2. Limit geographical detail (n<2,000): suppress region, district, town, settlement, enumeration district, school identification; retain urban-rural 3. Recode sparse categories (n<25)  “other”. » Type of dwelling: suppress townhouse, barracks » Land occupation: suppress sharecrop » Type of ownership: suppress squatted, leased » Type of roof: suppress 5 categories » Wall material: suppress 5 categories » Water supply: suppress pubwell » Type of lighting: suppress gas » Ethnic origin: suppress Chinese, Portuguese, Syrian-Lebanese » Religion: suppress 6 categories » School, work mode of transport: bicycle » Type of school: technical institute, university » Number of hours worked last wee’k: 5 hour groups., 70+ » Pay period: suppress quarterly, annually » Occupation, industry, training code: reduce from 4 digits to 1

28 C. Technical Disclosure Controls Example: Saint Lucia, 1991 4. Top-bottom code » Number of rooms: 10+ » Number of bedrooms: 7+ » Number of radios: 4+ » Number of tvs: 3+ » Number of videos: 2+ » Number of emigrants in dwelling: 2+ » Age: 81+ » Age at first child: <= 14 » Age at first union: <=14, 41+ » Age at last child: <=14, 45+ » Number of school subjects: =7 » Income categories: 8+

29 C. Technical Disclosure Controls Example: Saint Lucia, 1991 5. Suppress: » date of birth, precise place of birth, type of work wanted 6. Migration: timing/place not identified in detail » Country last lived: suppress 37 categories » Year of immigration: <1948 7. Identify place of residence by major civil division (pop>20k, 60k, 100k, 250k, 1 million—i.e., national convention) » all suppressed 8. Suppress any sensitive variable requested by NSI: » none (as yet)

30 3. Assessments: A. Why was IPUMS cited as “good practice” by the UN-ECE (2007, Annex 23, pp. 98-103)? http://www.unece.org/stats/documents/tfcm.htm http://www.unece.org/stats/documents/tfcm.htm

31 UN-ECE Good practices (see annex 23): 1. High level of confidence and transparency between the researchers (users) and the national statistical institutes 2. The data are anonymized by highly efficient technical means 3. The conditions of use are well defined 4. Good use is assured by both juridical and administrative mechanisms to prevent violations 5. Sanctions for misuse are clearly spelled out 6. Sanctions are imposed not only against those who misuse the data but also against their institutions

32 “The security of the computing environment used by IPUMS-International is first class and appears to be of the standard of the best statistical offices.” --Dennis Trewin, former-Australian Statistician, past-President International Statistical Institute, chair, UN-ECE Committee on Managing Statistical Confidentiality and Microdata Access (CES 2007) B. The Trewin Report: See “Trewin Report” handout

33 Statistical confidentiality and security: see the on-site review by Dennis Trewin www.hist.umn.edu/~rmccaa/ipums-global (click “Trewin Report”) www.hist.umn.edu/~rmccaa/ipums-global An Outsider’s view from inside IPUMS-International: » “The best practice for an international repository of microdata” » “The security of IPUMS is first class…the standard of the best national statistical offices” » “in full compliance with the principles and recommendations of the ECE”

34 1. Uniform legal authorization with national statistical authorities 2. Access restricted to academics with need who agree to abide by stringent confidentiality protections. Sanctions against individual and institution—denial of access to all microdata for the entire institution 3. Strong technical methods of microdata anonymization 4. Experienced integration teams 5. Proven web-based access management system 6. High producer and user satisfaction 7. Sustainable: MPC, NSF, NIH IPUMS-International strengths

35 Join us at the 58 th ISI: Dublin, Aug 21-26, 2011 http://www.isi2001.ie » IPUMS Workshop, Aug 19-20. » Microdata sessions. » IPUMS Funding for delegates from developing countries. » IPUMS booth » Participate in ISI sessions. » Network with stat offices, international agencies, etc.

36 Thank you! More: www.hist.umn.edu/~rmccaa/ipums-global see: Durban workshop (2009): Microdata recovery, Jamaica report Lisbon workshop (2007): Saint Lucia report * * * * * * Contact: rmccaa@umn.edu this ppt is also available at: ipums-global (See “Port of Spain workshop”) www.hist.umn.edu/~rmccaa/ipums-globalrmccaa@umn.edu ipums-global www.hist.umn.edu/~rmccaa/ipums-globalrmccaa@umn.edu ipums-global

Download ppt "Statistical confidentiality and privacy. 2. Case study: IPUMS-International www.ipums.org/international * * * Robert McCaa Minnesota Population Center."

Similar presentations

National Science Foundation Division of Science Resources Statistics May 15 2008 The Confidential Information Protection and Statistical Efficiency Act.

National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.
How IPUMS Harmonizes Microdata Data Sources and Bibliography Data Sources: Original census data are contributed to the IPUMS- International project by.

How IPUMS Harmonizes Microdata Data Sources and Bibliography Data Sources: Original census data are contributed to the IPUMS- International project by.
Using synthetic data to improve the accessibility of the SLS Susan Carsley, SLS Project Manager.

Using synthetic data to improve the accessibility of the SLS Susan Carsley, SLS Project Manager.
Welcome IPUMS/IECM-Europe Workshop: Accomplishments, plans and challenges https://international.ipums.org/international * * * Robert McCaa, Professor of.

Welcome IPUMS/IECM-Europe Workshop: Accomplishments, plans and challenges * * * Robert McCaa, Professor of.
IPUMS workshop https://international.ipums.org * * * Robert McCaa, Professor of Population History University of Minnesota additional information.

IPUMS workshop * * * Robert McCaa, Professor of Population History University of Minnesota additional information.
Census 2000 symposium, session 4 paper 261 Archiving Census Documentation and Microdata: Preserving Memory, Increasing Stakeholders * * * Wendy L. Thomas.

Census 2000 symposium, session 4 paper 261 Archiving Census Documentation and Microdata: Preserving Memory, Increasing Stakeholders * * * Wendy L. Thomas.
Www.ipums.org/international1 Using www.ipums.org/international a restricted-access web-site of anonymized, integrated census microdata (for 1, 2, 3, 4,

Using a restricted-access web-site of anonymized, integrated census microdata (for 1, 2, 3, 4,
Hist.umn.edu/~rmccaa/ipums-europe1 IPUMS i integration principles IPUMS i integration principles » 1. Respect absolute anonymity and confidentiality »

Hist.umn.edu/~rmccaa/ipums-europe1 IPUMS i integration principles IPUMS i integration principles » 1. Respect absolute anonymity and confidentiality »
4. Creating an Extract (9 slides). 4. Creating an extract » Password protected: to make and retrieve extracts » Licensed researcher selects: » Countries,

4. Creating an Extract (9 slides). 4. Creating an extract » Password protected: to make and retrieve extracts » Licensed researcher selects: » Countries,
1 Assortative Mating Patterns in the Developing World Albert Esteve* and Robert McCaa** Presented by: Sula Sarkar** * Centre d ’ Estudis Demogr à fics.

1 Assortative Mating Patterns in the Developing World Albert Esteve* and Robert McCaa** Presented by: Sula Sarkar** * Centre d ’ Estudis Demogr à fics.
St. Lucia Country Report By Edwin St Catherine Director, Central Statistical Office Presented to IPUMS Workshop August 24 th, 2007.

St. Lucia Country Report By Edwin St Catherine Director, Central Statistical Office Presented to IPUMS Workshop August 24 th, 2007.
A proposal to preserve, integrate and manage access to anonymized census samples of the Official Statistical Agencies of the Arab States in cooperation.

A proposal to preserve, integrate and manage access to anonymized census samples of the Official Statistical Agencies of the Arab States in cooperation.
6. Managing access to IPUMS integrated census microdata “extracts” (13 slides)

6. Managing access to IPUMS integrated census microdata “extracts” (13 slides)
Preservation and Security IPUMS International Wendy Thomas Data Archivist.

Preservation and Security IPUMS International Wendy Thomas Data Archivist.
Www.ipums.org/international1 Calibrating census microdata against a gold standard (employment survey): women in the workforce, Mexico 1970, 1990 and 2000.

Calibrating census microdata against a gold standard (employment survey): women in the workforce, Mexico 1970, 1990 and 2000.
Hist.umn.edu/~rmccaa/ipums-europe1 Sister-project: IPUMS-Latin America: 17 countries, ~500 million pop., 5 census rounds 80+ samples, 100+ million person.

Hist.umn.edu/~rmccaa/ipums-europe1 Sister-project: IPUMS-Latin America: 17 countries, ~500 million pop., 5 census rounds 80+ samples, 100+ million person.
Www.ipums.org/international 54th ISI, Berlin 20031 IPUMS-International: A Restricted Access Web-Site Providing Anonymized, Integrated Census Microdata.

54th ISI, Berlin IPUMS-International: A Restricted Access Web-Site Providing Anonymized, Integrated Census Microdata.
Building Historical Social Science Infrastructure: Data Integration Projects of the Minnesota Population Center Steven Ruggles Minnesota Population Center.

Building Historical Social Science Infrastructure: Data Integration Projects of the Minnesota Population Center Steven Ruggles Minnesota Population Center.
Proposed IPUMS-International Secure Data Enclave Patricia Kelly Hall

Proposed IPUMS-International Secure Data Enclave Patricia Kelly Hall
5. Integration of Microdata and Metadata (9 slides)

5. Integration of Microdata and Metadata (9 slides)

Similar presentations

Ads by Google