How can the disclosure risk in data be quantified?

Challenge

Large data breaches have occurred. These breaches cause growing concern about the mosaic effect in which disparate pieces of information become significant when combined with other types of information on individual privacy.

This escalates disclosure risk by putting personally identifiable information (PII) into the public realm, which makes the mosaic effect very real.

The National Center for Science and Engineering Statistics (NCSES) asked Westat to review its data dissemination products to evaluate their risks.

Solution

Westat conducted a holistic review of NCSES’ data dissemination products relating to disclosure risk.

The review included approaches to risk assessment and quantification using statistical models. Some pieces of the data mosaic were also included in the assessments.

The assessments were accomplished mainly through Westat’s SAS® macros (WesSDC Toolbox) that were developed for statistical confidentiality tasks.

Results

The risk assessments brought to light increased awareness of vulnerabilities.

Westat drafted a standards and guidelines product for statistical confidentiality for the agency.

Various risk mitigation treatments were demonstrated with NCSES survey data, including

• Differential privacy and other noise infusion approaches
• Perturbation and synthetic data applications