© 2014 Privacy Analytics, Inc.
Our Approach: De-identification
Taking into Account the Risk of Disclosure

De-identification Process

Set Risk Threshold
Based on the characteristics of the data recipient, the data, and precedents, a quantitative risk threshold is set.

Measure Risk
Based on plausible attacks, appropriate metrics are selected and used to measure actual re-identification risk from the data.

Apply Transformations
If the measured risk does not meet the threshold, specific transformations (such as generalization and suppression) are applied to reduce the risk.

This is an iterative process. The mitigating controls in place can be strengthened to get a more forgiving threshold.
251 Laurier Avenue W, Suite 200
Ottawa, ON Canada K1P 5J6
www.privacyanalytics.ca | 855.686.4781
PARAT v6.0 Demonstration
Grant Middleton – Solutions Architect
Re-identification Risk: Example

Column groups: DIRECT IDENTIFIERS (ID, Name, Telephone No.); INDIRECT IDENTIFIERS (Sex, Year of Birth); SENSITIVE VARIABLES (Lab Test, Lab Result); OTHER (Pay Delay)

| ID | Name | Telephone No. | Sex | Year of Birth | Lab Test | Lab Result | Pay Delay |
|----|------|---------------|-----|---------------|----------|------------|-----------|
| 1 | John Smith | (412) 668-5468 | M | 1959 | Albumin, Serum | 4.8 | 37 |
| 2 | Alan Smith | (413) 822-5074 | M | 1969 | Creatine Kinase | 86 | 36 |
| 3 | Alice Brown | (416) 886-5314 | F | 1955 | Alkaline Phosphatase | 66 | 52 |
| 4 | Hercules Green | (613) 763-5254 | M | 1959 | Bilirubin | <0 | 36 |
| 5 | Alicia Freds | (613) 586-6222 | F | 1942 | BUN/Creatinine Ratio | 17 | 82 |
| 6 | Gill Stringer | (954) 699-5423 | F | 1975 | Calcium, Serum | 9.2 | 34 |
| 7 | Marie Kirkpatrick | (416) 786-6212 | F | 1966 | Free Thyroxine Index | 2.7 | 23 |
| 8 | Leslie Hall | (905) 668-6581 | F | 1987 | Globulin, Total | 3.5 | 9 |
| 9 | Douglas Henry | (416) 423-5965 | M | 1959 | B-type Natriuretic peptide | 134 | 38 |
| 10 | Fred Thompson | (416) 421-7719 | M | 1967 | Creatine Kinase | 80 | 21 |

Two quasi-identifiers matching in three cells within a dataset
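
The threshold, measure and transform loop described earlier, run on the Sex and Year of Birth columns of this table, as an added Python example that is not part of the original slides and is not PARAT's algorithm. The 0.5 threshold, the one-record suppression limit, the interval widths and the 1 / (smallest class size) risk metric are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Quasi-identifier columns (Sex, Year of Birth) of the ten rows in the example table.
RECORDS = [("M", 1959), ("M", 1969), ("F", 1955), ("M", 1959), ("F", 1942),
           ("F", 1975), ("F", 1966), ("F", 1987), ("M", 1959), ("M", 1967)]

def class_sizes(records):
    """Count records per equivalence class (identical quasi-identifier values)."""
    return Counter(records)

def max_risk(records):
    """Worst-case match probability: 1 / size of the smallest equivalence class."""
    return 1 / min(class_sizes(records).values()) if records else 0.0

def generalize(records, width):
    """Generalization: map year of birth to the start of a width-year interval."""
    return [(sex, year - year % width) for sex, year in records]

def suppress(records, k):
    """Suppression: drop records whose equivalence class has fewer than k members."""
    sizes = class_sizes(records)
    return [r for r in records if sizes[r] >= k]

def deidentify(records, threshold, max_suppressed, widths=(1, 5, 10, 20)):
    """Try wider intervals until the threshold is met without suppressing
    more than max_suppressed records. Returns (width, kept, n_suppressed)."""
    # Smallest class size whose 1/size risk is at or below the (assumed) threshold.
    k = math.ceil(round(1 / threshold, 9))
    for width in widths:
        kept = suppress(generalize(records, width), k)
        dropped = len(records) - len(kept)
        if dropped <= max_suppressed:
            return width, kept, dropped
    raise ValueError("no candidate generalization meets the threshold")

if __name__ == "__main__":
    print("risk before:", max_risk(RECORDS))
    width, kept, dropped = deidentify(RECORDS, threshold=0.5, max_suppressed=1)
    print(f"interval={width}y suppressed={dropped} risk after={max_risk(kept)}")
```

On this table the three M/1959 rows already form a class of three, but seven other rows are unique, so the loop has to widen year of birth to 20-year intervals and still suppress one record before every remaining class has at least two members.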
Identifiability Spectrum
[Figure: spectrum ranging from "Little De-identification" to "Significant De-identification"]
A range of operational precedents exists, based on the situational context of the data’s use and the available mitigating controls that protect it.
Leading research organizations apply these precedents to data release for secondary purposes. We’ve embedded these precedents into PARAT CORE.
Different Techniques

| Type of Variable | Method of Protection |
|------------------|----------------------|
| Directly identifying: Can uniquely identify an individual by itself or in conjunction with other readily available information | Masking |
| Quasi-identifiers (indirectly identifying): Can identify an individual by itself or in conjunction with other information | De-identification |
| Other variables: Clinical and administrative variables that cannot be used to identify individuals | No change |
PARAT v6.0