© 2014 Privacy Analytics, Inc.

Our Approach: De-identification

Taking into Account the Risk of Disclosure

If the measured risk does not meet the threshold, specific

transformations (such as generalization and

suppression) are applied to reduce the risk.

Based on plausible attacks, appropriate metrics are

selected and used to measure actual re-identification risk

from the data.De-identification

Process

Measure Risk

Apply Transformations

Set Risk Threshold

Based on the characteristics of the data recipient, the data, and precedents, a quantitative risk threshold is set.

This is an iterative process. The mitigating controls in place can be strengthened to get a more forgiving threshold.

251 Laurier Avenue W, Suite 200

Ottawa, ON Canada K1P 5J6

www.privacyanalytics.ca | 855.686.4781

info@privacyanalytics.ca

PARAT v6.0 Demonstration

Grant Middleton – Solutions Architect

© 2014 Privacy Analytics, Inc.

Re-identification Risk: Example

DIRECT IDENTIFIERS INDIRECT IDENTIFIERS SENSITIVE VARIABLES OTHER

ID Name Telephone No. Sex Year of Birth Lab TestLab

Result

Pay

Delay

1 John Smith (412) 668-5468 M 1959 Albumin, Serum 4.8 37

2 Alan Smith (413) 822-5074 M 1969 Creatine Kinase 86 36

3 Alice Brown (416) 886-5314 F 1955 Alkaline Phosphatase 66 52

4 Hercules Green (613)763-5254 M 1959 Bilirubin <0 36

5 Alicia Freds (613) 586-6222 F 1942 BUN/Creatinine Ratio 17 82

6 Gill Stringer (954) 699-5423 F 1975 Calcium, Serum 9.2 34

7 Marie Kirkpatrick (416) 786-6212 F 1966 Free Thyroxine Index 2.7 23

8 Leslie Hall (905) 668-6581 F 1987 Globulin, Total 3.5 9

9 Douglas Henry (416) 423-5965 M 1959 B-type Natriuretic peptide 134 38

10 Fred Thompson (416) 421-7719 M 1967 Creatine Kinase 80 21

3Two quasi-identifiers

matching in three cells within a dataset

© 2014 Privacy Analytics, Inc.

Identifiability Spectrum

Little De-identification Significant De-identification

5

20

3

2

10

811

16

A range of operational precedents exist based on the situational context of the data’s use and available mitigating controls that protect it.

© 2014 Privacy Analytics, Inc.

Identifiability Spectrum

Little De-identification Significant De-identification

5

20

3

2

10

811

16

Leading research organizations apply these precedents to data release for secondary purposes. We’ve embedded these precedents into PARAT CORE.

© 2014 Privacy Analytics, Inc.

Different Techniques

Type of Variable Method of

Protection

Directly identifying

Can uniquely identify an individual by itself or in conjunction with

other readily available information

Masking

Quasi-identifiers (indirectly identifying)

Can identify an individual by itself or in conjunction with other

information

De-identification

Other variables

Clinical and administrative variables that cannot be used to

identify individuals

No change

PARAT v6.0