Presentation is loading. Please wait.

Presentation is loading. Please wait.

User-focused Threat Identification For Anonymised Microdata Hans-Peter Hafner HTW Saar – Saarland University of Applied Sciences

Published byFelix Ross Modified over 9 years ago

Similar presentations

Presentation on theme: "User-focused Threat Identification For Anonymised Microdata Hans-Peter Hafner HTW Saar – Saarland University of Applied Sciences"— Presentation transcript:

1 User-focused Threat Identification For Anonymised Microdata Hans-Peter Hafner HTW Saar – Saarland University of Applied Sciences Hans-Peter.Hafner@htwsaar.de Felix Ritchie University of the West of England Rainer Lenz Technical University of Dortmund Conference of European Statistics Stakeholders Rome, 24 November 2014 1

2 Motivation User-focused threat identification 2 Production of anonymised data sources for the scientific community as a key task of National Statistics Institutes (NSI) Conservative risk averse approach (data protection) Release data only if it can be shown they are safe (defensive) vs Alternative user oriented approach Release data unless it presents a disclosure risk (cooperative)

3 Overview Common approaches to anonymisation Critique of common perspective  Focus data protection  Worst-case scenarios Evidence-based risk assignment (Case study: CIS 2010) Impact of new strategy Conclusion Overview User-focused threat identification 3

4 Common approach to anonymisation ESSNET Handbook on SDC (Statistical Disclosure Control) Microdata protection should be based on  Knowledge of the use of the data  Access requirements  Potential to match external datasets  Structure of the data itself Risk scenarios are based on  Spontaneous recognition  Actively searching (record linkage) Common approach to anonymisation User-focused threat identification 4

5 Critique 1: Focus on data protection Assumption: Existence of intruders who want to identify companies / persons in the data. But: There are no known cases of malicious misuse of data. Only some mistakes or some efforts to circumvent procedures to make life easier are known. Problem not anonymisation but accreditation procedures! Critique of common perspective 1 User-focused threat identification 5

6 Worst-case Scenarios Scenario often: Anonymised data vs. Original data (Record matching) Not realistic: Large differences between official statistics and commercial databases Total protection is not required by law: De facto anonymity (Germany): Reidentification allowed as far as effort / costs greater than benefit Critique of common perspective 2 User-focused threat identification 6

7 Evidence-Based Risk Assignment: Case Study CIS 2010 CIS (Community Innovation Survey) Survey about the innovation activities of enterprises in countries of the European Union Conducted every 2 years For some countries census, for others only sample survey; but large companies are always included Many categorical variables, only 9 continuous attributes Case Study 1 User-focused threat identification 7

8 Case Study CIS 2010 – to be continued Risk Scenario Step 1: Identify user needs Analysis of research papers + Google Scholar search  Linear and nonlinear regression are most frequently used methods Step 2: Identify user risks Spontaneous recognition of outliers  No risk since no disclosure to unauthorized person Group disclosure from categorical variables  No risk since focus not on descriptive statistics Case Study 2 User-focused threat identification 8

9 Case Study CIS 2010 – to be continued Case Study 3 User-focused threat identification 9 Risk Evaluation Spontaneous recognition  Very unlikely because of large differences between data sources Matching on categorical variables  Uncertain since statistical business register and classification of economic activity in commercial databases differ (main activity vs main turnover)  Moreover: Matching is prohibited by licence agreements Remaining risks  Magnitude tables with 1 or 2 observations in a cell  Dominance of one unit in cell / dataset

10 Impact of new strategy Impact User-focused threat identification 10 Consequence of risk evaluation Small cell count (< 3) or dominance problem in cell:  Determination of records at risk in these cells  Only records at risk are perturbed (individual microaggregation of metric variables) Consequence for the quality of the anonymised datasets  For less than 1% of all records microaggregation was performed  Small impact on regression coefficients

11 Conclusion User-focused threat identification 11 Change of perspective from total data protection to a realistic user-oriented approach that takes into account user needs, quality of external databases, accreditation procedures and statistical legislation leads to datasets with higher analytical potential for the scientific community!

12 User-focused threat identification 12 THANK YOU FOR YOUR ATTENTION

Download ppt "User-focused Threat Identification For Anonymised Microdata Hans-Peter Hafner HTW Saar – Saarland University of Applied Sciences"

Similar presentations

Microdata access in practice Felix Ritchie. Overview Concerns Conceptual and practical concerns International practice UK experience Key lessons.

Microdata access in practice Felix Ritchie. Overview Concerns Conceptual and practical concerns International practice UK experience Key lessons.
Estimating Identification Risks for Microdata Jerome P. Reiter Institute of Statistics and Decision Sciences Duke University, Durham NC, USA.

Estimating Identification Risks for Microdata Jerome P. Reiter Institute of Statistics and Decision Sciences Duke University, Durham NC, USA.
Jörg Drechsler (Institute for Employment Research, Germany) NTTS 2009 Brussels, 20. February 2009 Disclosure Control in Business Data Experiences with.

Jörg Drechsler (Institute for Employment Research, Germany) NTTS 2009 Brussels, 20. February 2009 Disclosure Control in Business Data Experiences with.
Impact analysis and counterfactuals in practise: the case of Structural Funds support for enterprise Gerhard Untiedt GEFRA-Münster,Germany Conference:

Impact analysis and counterfactuals in practise: the case of Structural Funds support for enterprise Gerhard Untiedt GEFRA-Münster,Germany Conference:
Balancing Access and Confidentiality Jenny Telford Australian Bureau of Statistics September 2008.

Balancing Access and Confidentiality Jenny Telford Australian Bureau of Statistics September 2008.
Output Consultation Plans and Statistical Disclosure Control Strategy developments Angele Storey and Jane Longhurst ONS.

Output Consultation Plans and Statistical Disclosure Control Strategy developments Angele Storey and Jane Longhurst ONS.
ONS Research Data Access Strategy AGENDA Background and context Confidentiality The Strategy.

ONS Research Data Access Strategy AGENDA Background and context Confidentiality The Strategy.
Eurostat T HE E UROPEAN PROCESS OF ENHANCING ACCESS TO E UROSTAT DATA A LEKSANDRA B UJNOWSKA E UROSTAT.

Eurostat T HE E UROPEAN PROCESS OF ENHANCING ACCESS TO E UROSTAT DATA A LEKSANDRA B UJNOWSKA E UROSTAT.
Statistical Disclosure Control (SDC) at SURS Andreja Smukavec General Methodology and Standards Sector.

Statistical Disclosure Control (SDC) at SURS Andreja Smukavec General Methodology and Standards Sector.
Business microdata dissemination at Istat Daniela Ichim Luisa Franconi

Business microdata dissemination at Istat Daniela Ichim Luisa Franconi
Operationalising ‘safe statistics’ the case of linear regression Felix Ritchie Bristol Business School, University of the West of England, Bristol.

Operationalising ‘safe statistics’ the case of linear regression Felix Ritchie Bristol Business School, University of the West of England, Bristol.
Developing a Statistical Disclosure Standard for Europe Tanvi Desai LSE Research Laboratory Data Manager Research Laboratory IASSIST 2010: Cornell.

Developing a Statistical Disclosure Standard for Europe Tanvi Desai LSE Research Laboratory Data Manager Research Laboratory IASSIST 2010: Cornell.
Trade and business statistics: use of administrative data Lunch Seminar Enrico Giovannini Italian National Statistical Institute (ISTAT) New York, February,

Trade and business statistics: use of administrative data Lunch Seminar Enrico Giovannini Italian National Statistical Institute (ISTAT) New York, February,
Decentralised and Remote Access to Confidential Data in the ESS (ESSnet DARA) Overview and State of the Art Maurice Brandt Destatis FIRST EUROPEAN DATA.

Decentralised and Remote Access to Confidential Data in the ESS (ESSnet DARA) Overview and State of the Art Maurice Brandt Destatis FIRST EUROPEAN DATA.
UNECE Workshop on Confidentiality Manchester, 17.-19. December 2007 Comparing Fully and Partially Synthetic Data Sets for Statistical Disclosure Control.

UNECE Workshop on Confidentiality Manchester, December 2007 Comparing Fully and Partially Synthetic Data Sets for Statistical Disclosure Control.
MOLLA HUNEGNAW STATISTICIAN AFRICAN CENTRE FOR STATISTICS ECASTATS.UNECA.ORG Confidentiality and Anonymization of Microdata 1 United Nations Regional Seminar.

MOLLA HUNEGNAW STATISTICIAN AFRICAN CENTRE FOR STATISTICS ECASTATS.UNECA.ORG Confidentiality and Anonymization of Microdata 1 United Nations Regional Seminar.
United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE

United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE
Beyond 2011 – A new paradigm for population statistics? Pete Benton, Beyond 2011 Programme Director Office for National Statistics, UK.

Beyond 2011 – A new paradigm for population statistics? Pete Benton, Beyond 2011 Programme Director Office for National Statistics, UK.
Regional Seminar on Census Data Archiving for Africa, Addis Ababa, Ethiopia, 20-23 September 2011 Overview of Archiving of Microdata Session 4 United Nations.

Regional Seminar on Census Data Archiving for Africa, Addis Ababa, Ethiopia, September 2011 Overview of Archiving of Microdata Session 4 United Nations.
Microdata Simulation for Confidentiality of Tax Returns Using Quantile Regression and Hot Deck Jennifer Huckett Iowa State University June 20, 2007.

Microdata Simulation for Confidentiality of Tax Returns Using Quantile Regression and Hot Deck Jennifer Huckett Iowa State University June 20, 2007.

Similar presentations

Ads by Google