Data Confidentiality, Residual Disclosure and Risk Mitigation Joint UNECE/Eurostat Work Session (Ottawa, Canada, 28-30 October 2013) Raja Hettiarachchi Statistics Department, International Monetary Fund The views expressed.
Data Confidentiality, Residual
Disclosure and Risk Mitigation
Joint UNECE/Eurostat Work Session
(Ottawa, Canada, 28-30 October 2013)
Raja Hettiarachchi
Statistics Department, International Monetary Fund
The views expressed herein are those of the author and should not necessarily be attributed to the IMF,
its Executive Board, or its management
Overview
Introduction
Levels of confidentiality
Policies and Procedures
IT implementations
Challenges
Introduction
IMF Statistics Department (STA) collects data from national
authorities as well as international and regional organizations.
As a global institution entrusted with highly confidential data
by national authorities, IMF has no margin for error in regard
to disclosing sensitive information.
STA has broadly categorized the levels of confidentiality of
the data it manages and has established policies, procedures,
and systems to safeguard sensitive information from misuse,
while increasing the efforts to improve data utility
Levels of Confidentiality
Data reported only for internal analysis and/or calculation of
global and regional aggregates
Data Series suppressed by authorities to protect confidentiality
Data Observations suppressed by authorities
Internal estimates treated as confidential data
Global and Regional aggregates suppressed to protect
individual data reporters
Policies and Procedures
Policies
Comply with data control policies implemented at national level
Comply with internal statistical disclosure controls
Authorities are encouraged to suppress confidential data
observations prior to reporting to the Fund
Only on rare occasions will the IMF omit series or suppress reported
data observations
Procedures
Only authorized staff have access rights to sensitive data
Tend to over-delete secondary data cells to mitigate the risk of residual
disclosure
Validations and re-edits to improve data utility
IT Implementations
Access level restrictions
Omissions
For countries that have established patterns of data suppressions, and
the required secondary suppressions are already analyzed, secondary
data series will be omitted at the time of data load.
Suppressions of Aggregates
Dominance rule (largest reporter = 80% of total, two largest = 90%)
Depend on number of reporters
Suppression of primary and secondary cells
Data re-edits to improve usability
Access Level Restrictions
Access Restricted
Production Database
Available only for authorized staff
Dissemination
Database
Database is hard coded to receive
only authorized time series to
prevent accidental disclosure of
sensitive information
Secondary Data Cell Deletes
Using D+, D*, D+*
D+: Delete all calculated values (resultants) of the primary data delete
Use the equation graph (formula tree) of the database system; all resultants of the primary data delete are deleted
D*: Delete all consolidated values of the primary data delete
Use the consolidation method of each data series (e.g., the delete of a monthly data value will result in the delete of quarterly and annual values)
D+*: Delete all calculated and consolidated values of the primary data delete
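How the three delete modes propagate from one primary delete, as an added example (not IMF code). The series names, the formula tree and the `YYYY-Mnn` / `YYYY-Qn` period labels are constructed assumptions.

```python
from collections import deque

# Constructed formula tree: each series maps to the series calculated from it.
# All series names are hypothetical.
RESULTANTS = {
    "exports_goods": ["exports_total"],
    "exports_services": ["exports_total"],
    "exports_total": ["trade_balance"],
    "imports_total": ["trade_balance"],
}

def consolidated_periods(period):
    """Periods consolidated from `period` (monthly -> quarterly -> annual)."""
    year, _, sub = period.partition("-")
    if sub.startswith("M"):
        quarter = (int(sub[1:]) - 1) // 3 + 1
        return [f"{year}-Q{quarter}", year]
    if sub.startswith("Q"):
        return [year]
    return []  # annual values have nothing above them

def secondary_deletes(series, period, mode):
    """Secondary cells deleted for a primary delete of (series, period).

    "D+" follows the formula tree, "D*" follows consolidation, "D+*" both.
    """
    if mode not in ("D+", "D*", "D+*"):
        raise ValueError(f"unknown delete mode: {mode}")
    primary = (series, period)
    seen = {primary}
    queue = deque([primary])
    while queue:  # breadth-first walk over every dependent cell
        s, p = queue.popleft()
        dependents = []
        if "+" in mode:
            dependents += [(r, p) for r in RESULTANTS.get(s, [])]
        if "*" in mode:
            dependents += [(s, c) for c in consolidated_periods(p)]
        for cell in dependents:
            if cell not in seen:
                seen.add(cell)
                queue.append(cell)
    return seen - {primary}
```

With this constructed tree, one monthly primary delete under D+* removes eight secondary cells, which shows why re-edits are needed afterwards to recover data utility.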
Data Cell Deletes Using D+
Delete All Calculated Values (Resultants)
Data Cell Deletes using D*
Delete All Consolidated Values
Data Cell Deletes using D+*
Delete All Calculated and Consolidated Secondary Cells
Data re-edits to improve usability if more
than one sub aggregate is suppressed
Challenges
Growing demand for full disclosure
Difficult to coordinate a concerted effort to release sensitive
data
Integrate secondary deletes, validations, and re-edits to
optimize the data utility
System developments and testing of restricted databases
Difficult to manage user expectations due to specific nature of
national statistical disclosure policies and revision policies
Proper management of sensitive information and protection of
confidential data are major concerns for the IMF Statistics
Department.
There are ongoing efforts to disseminate as much information
as possible while mitigating disclosure risks.
Thank you
Questions?
Raja Hettiarachchi