Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Measure of Disclosure Risk for Fully Synthetic Data Mark Elliot Manchester University Acknowledgements: Chris Dibben, Beata Nowak and Gillian Raab.

Published byWesley Edward Merritt Modified over 9 years ago

Similar presentations

Presentation on theme: "A Measure of Disclosure Risk for Fully Synthetic Data Mark Elliot Manchester University Acknowledgements: Chris Dibben, Beata Nowak and Gillian Raab."— Presentation transcript:

1 A Measure of Disclosure Risk for Fully Synthetic Data Mark Elliot Manchester University Acknowledgements: Chris Dibben, Beata Nowak and Gillian Raab.

2 Traditional approaches On partially synthetic data ◦ Reiter (2008), Domingo-Ferrer and Torra (2007) ◦ Reidentification risk is assessed by linkage between original data and synthetic part.

3 Traditional approaches On fully synthetic data ◦ Naive view: Its synthetic why are you even asking this question? ◦ But if the data generation process for the synthetic data is fully saturated?

4 What is synthetic data? Random Data Original Data Pure Noise Fully Saturated Model Useable synthetic/ disclosure controlled data Negligible identification risk Empirical attribution risk Non Negligible identification risk and attribution risk Zone of plausible Inference

5 Disclosure risk and synthetic data On fully synthetic data ◦ Reidentification is meaningless ◦ But attribution is not

6 Approach for the Sylls project Part 1 Empirical differential privacy ◦ Can I learn more about a particular individual from a synthetic dataset based on a source dataset that contains that individuals record than a dataset which does not. ◦ Also interested in relative residuals.

7 Approach for the Sylls evaluation project Test data set ◦ 2011 Living Conditions and Food survey ◦ Synthetic versions of the 2010, 2011, 2012 surveys.

8 Principles Generate a risk measure for a given record based on the Probability of accurate attribution (for categorical targets) Residuals of estimated values (for continuous targets). Non-parametric methodology – similar to the Skinner and Elliot (2002) method.

9 By record empirical differential privacy procedure assuming a categorical target variable 1. Obtain two consecutive years of the same survey dataset. 2. Generate synthetic versions of those data sets. 3. Take a record r at random from the original dataset and using a predefined key (K). i.Match r back onto the original dataset(O) ii.Match r against the synthetic version of O (S) iii.Match r against the synthetic dataset for the other year (S’) 4. Select a target variable T 5. Each of 3 a-c will produce a match set (a set of records which match r). i.The proportion of each match set with the correct value on T is the probability of an accurate attribution (PAA) value for that match set. 6. Repeat 4 and 5 several times with different targets 7. Repeat 3-6 with different records until the PAA values stabilise.

10 General empirical differential privacy procedure assuming a categorical target variable 1. For each record in O record their multivariate class membership for both K and K+T. ◦ The equivalence class for K+T divided by the equivalence class for K for a given record will be the PAA for that record. 2. Repeat 1 for each record in S. Impute the PAA values from S into O against the corresponding records (matched on K+T). 3. Repeat 2 for S’

11 General empirical differential privacy procedure assuming a continuous target variable

12 Key variables Key 1: GOR, Output area classifier, Key 2: GOR, Output area classifier, tenure. Key 3: GOR, Output area classifier, tenure, dwelling type. Key 4: GOR, Output area classifier, tenure, dwelling type, Internet in household.

13 Example residuals for saturated model predicting income for a single case

14 Mean Probability of accurate attribution(PAA) of economic position of household reference person File Key 1 Key 2 Key 3 Key 4 mean cumulative key impact 2011 original0.350.590.720.780.14 2010 synth0.31 0.230.20-0.04 2011 synth0.310.340.260.23-0.03 2012 synth0.31 0.240.21-0.03 baseline0.26 synth2011- baseline 0.050.080.00-0.03 DP residual0.000.03

15 Mean Probability of accurate attribution (PAA) of economic position of household reference person given that a match has occurred. File Key 1 Key 2 Key 3 Key 4 mean cumulative key impact 2011 original0.350.590.720.780.14 2010 synth0.370.45 0.490.04 2011 synth0.330.440.450.480.05 2012 synth0.330.400.420.440.04 baseline0.26 synth2011- baseline 0.060.170.180.21 DP residual - 0.02 0.02 0.01

16 Mean PAA scores over 3 categorical targets across four keys of increasing size.

17 Hit rate for primary key matches from the original file onto the synthetic file. FileKey 1Key 2Key 3Key 4 mean cumulative key impact 2011 original 100% 0% 2010 synth84%69%51%41%-14% 2011 synth95%77%58%48%-16% 2012 synth94%78%57%48%-15% DP residual6%3% 4%

18 Table 10: Residual sizes for estimated weekly income using two keys against the LCF and three synthetic files File Key 1 Key 2 Key 3 Key 4 mean cumulative key impact 2011 original246 174147-33.24 2010 synth401378 396 397-1.19 2011 synth3693683843803.76 2012 synth3763743893873.75 baseline385 synth2011- baseline-15-170-4 DP residual197811

19 Concluding remarks The empirical DP approach to measuring disclosure risk looks promising. Future work ◦ Intruder strategies – optimising key size ◦ Testing with disclosure controlled data ◦ Investigating the impact of risky records ◦ Testing with a wider range of synthetic data

Download ppt "A Measure of Disclosure Risk for Fully Synthetic Data Mark Elliot Manchester University Acknowledgements: Chris Dibben, Beata Nowak and Gillian Raab."

Similar presentations

Alternative Approaches to Data Dissemination and Data Sharing Jerome Reiter Duke University

Alternative Approaches to Data Dissemination and Data Sharing Jerome Reiter Duke University
Estimating Identification Risks for Microdata Jerome P. Reiter Institute of Statistics and Decision Sciences Duke University, Durham NC, USA.

Estimating Identification Risks for Microdata Jerome P. Reiter Institute of Statistics and Decision Sciences Duke University, Durham NC, USA.
Poverty trajectories after risky life events in Germany, Spain, Denmark and the United Kingdom: a latent class approach Leen Vandecasteele Post-doctoral.

Poverty trajectories after risky life events in Germany, Spain, Denmark and the United Kingdom: a latent class approach Leen Vandecasteele Post-doctoral.
Multilevel modelling short course

Multilevel modelling short course
The methodology used for the 2001 SARs Special Uniques Analysis Mark Elliot Anna Manning Confidentiality And Privacy Group (www.capri.man.ac.uk) University.

The methodology used for the 2001 SARs Special Uniques Analysis Mark Elliot Anna Manning Confidentiality And Privacy Group ( University.
Sociology 680 Multivariate Analysis Logistic Regression.

Sociology 680 Multivariate Analysis Logistic Regression.
Confidentiality risks of releasing measures of data quality Jerry Reiter Department of Statistical Science Duke University

Confidentiality risks of releasing measures of data quality Jerry Reiter Department of Statistical Science Duke University
On method-specific record linkage for risk assessment Jordi Nin Javier Herranz Vicenç Torra.

On method-specific record linkage for risk assessment Jordi Nin Javier Herranz Vicenç Torra.
© Statistisches Bundesamt, IIA - Mathematisch Statistische Methoden Summary of Topic ii (Tabular Data Protection) Frequency Tables Magnitude Tables Web.

© Statistisches Bundesamt, IIA - Mathematisch Statistische Methoden Summary of Topic ii (Tabular Data Protection) Frequency Tables Magnitude Tables Web.
United Nations Workshop on the 2010 World Programme on Population and Housing Censuses: Census Evaluation and Post Enumeration Surveys, Amman, Jordan,

United Nations Workshop on the 2010 World Programme on Population and Housing Censuses: Census Evaluation and Post Enumeration Surveys, Amman, Jordan,
STA305 week 31 Assessing Model Adequacy A number of assumptions were made about the model, and these need to be verified in order to use the model for.

STA305 week 31 Assessing Model Adequacy A number of assumptions were made about the model, and these need to be verified in order to use the model for.
1 A Common Measure of Identity and Value Disclosure Risk Krish Muralidhar University of Kentucky Rathin Sarathy Oklahoma State University.

1 A Common Measure of Identity and Value Disclosure Risk Krish Muralidhar University of Kentucky Rathin Sarathy Oklahoma State University.
Assessing Disclosure Risk in Sample Microdata Under Misclassification

Assessing Disclosure Risk in Sample Microdata Under Misclassification
Autocorrelation and Linkage Cause Bias in Evaluation of Relational Learners David Jensen and Jennifer Neville.

Autocorrelation and Linkage Cause Bias in Evaluation of Relational Learners David Jensen and Jennifer Neville.
NLSCY – Non-response. Non-response There are various reasons why there is non-response to a survey  Some related to the survey process Timing Poor frame.

NLSCY – Non-response. Non-response There are various reasons why there is non-response to a survey  Some related to the survey process Timing Poor frame.
Multiple Criteria for Evaluating Land Cover Classification Algorithms Summary of a paper by R.S. DeFries and Jonathan Cheung-Wai Chan April, 2000 Remote.

Multiple Criteria for Evaluating Land Cover Classification Algorithms Summary of a paper by R.S. DeFries and Jonathan Cheung-Wai Chan April, 2000 Remote.
Chapter 7 – K-Nearest-Neighbor

Chapter 7 – K-Nearest-Neighbor
Sampling.

Sampling.
Methods of Geographical Perturbation for Disclosure Control Division of Social Statistics And Department of Geography Caroline Young Supervised jointly.

Methods of Geographical Perturbation for Disclosure Control Division of Social Statistics And Department of Geography Caroline Young Supervised jointly.
© John M. Abowd 2005, all rights reserved Recent Advances In Confidentiality Protection John M. Abowd April 2005.

© John M. Abowd 2005, all rights reserved Recent Advances In Confidentiality Protection John M. Abowd April 2005.

Similar presentations

Ads by Google