Data Confidentiality, Residual Disclosure and Risk Mitigation Joint UNECE/Eurostat Work Session (Ottawa, Canada, 28-30 October 2013) Raja Hettiarachchi Statistics Department, International Monetary Fund The views expressed.


Data Confidentiality, Residual Disclosure and Risk Mitigation
Joint UNECE/Eurostat Work Session (Ottawa, Canada, 28-30 October 2013)
Raja Hettiarachchi
Statistics Department, International Monetary Fund
The views expressed herein are those of the author and should not necessarily be attributed to the IMF, its Executive Board, or its management.

Overview
• Introduction
• Levels of confidentiality
• Policies and Procedures
• IT implementations
• Challenges

Introduction
• The IMF Statistics Department (STA) collects data from national authorities as well as international and regional organizations.
• As a global institution entrusted with highly confidential data by national authorities, the IMF has no margin for error in regard to disclosing sensitive information.
• STA has broadly categorized the levels of confidentiality of the data it manages and has established policies, procedures, and systems to safeguard sensitive information from misuse, while increasing its efforts to improve data utility.

Levels of Confidentiality
• Data reported only for internal analysis and/or calculation of global and regional aggregates
• Data series suppressed by authorities to protect confidentiality
• Data observations suppressed by authorities
• Internal estimates treated as confidential data
• Global and regional aggregates suppressed to protect individual data reporters

Policies and Procedures
• Policies
  - Comply with data control policies implemented at national level
  - Comply with internal statistical disclosure controls
  - Authorities are encouraged to suppress confidential data observations prior to reporting to the Fund
  - Only on rare occasions will the IMF omit series or suppress reported data observations
• Procedures
  - Only authorized staff have access rights to sensitive data
  - Tend to over-delete secondary data cells to mitigate the risk of residual disclosure
  - Validations and re-edits to improve data utility

IT Implementations
• Access level restrictions
• Omissions
  - For countries that have established patterns of data suppressions, and for which the required secondary suppressions have already been analyzed, secondary data series will be omitted at the time of data load.
• Suppressions of Aggregates
  - Dominance rule (largest reporter = 80% of total, two largest = 90%)
  - Depend on number of reporters
• Suppression of primary and secondary cells
  - Data re-edits to improve usability

Access Level Restrictions
• Access Restricted Production Database: available only for authorized staff
• Dissemination Database: database is hard coded to receive only authorized time series to prevent accidental disclosure of sensitive information

Secondary Data Cell Deletes Using D+, D*, D+*
• D+ Delete all calculated values (resultants) of the primary data delete
  - Use the equation graph (formula tree) of the database system; all resultants of the primary data delete are deleted
• D* Delete all consolidated values of the primary data delete
  - Use the consolidation method of each data series (e.g., delete of a monthly data value will result in the delete of quarterly and annual values)
• D+* Delete all calculated and consolidated values of the primary data delete

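Added example (not from the original slides and not IMF code): a sketch of how a primary delete could propagate under D+, D* and D+*, treating a cell as a (series, period) pair. The series names, the formula tree, the period notation (2013M02, 2013Q1, 2013) and the reading of D+* as the closure over both rules are assumptions made for illustration.

```python
from collections import deque

# Constructed sample model: series names and formulas are illustrative assumptions.
# FORMULAS maps each calculated series (resultant) to the series it is computed from.
FORMULAS = {
    "TOTAL_EXPORTS": ["EXPORTS_GOODS", "EXPORTS_SERVICES"],
    "TRADE_BALANCE": ["TOTAL_EXPORTS", "TOTAL_IMPORTS"],
}

# Invert the formula tree: input series -> series calculated directly from it.
DEPENDENTS = {}
for resultant, inputs in FORMULAS.items():
    for name in inputs:
        DEPENDENTS.setdefault(name, []).append(resultant)


def parent_period(period):
    """Next coarser period: '2013M02' -> '2013Q1' -> '2013' -> None."""
    year, rest = period[:4], period[4:]
    if rest.startswith("M"):
        return f"{year}Q{(int(rest[1:]) - 1) // 3 + 1}"
    if rest.startswith("Q"):
        return year
    return None


def secondary_deletes(primary, mode):
    """Cells (series, period) deleted along with `primary` under D+, D* or D+*."""
    if mode not in ("D+", "D*", "D+*"):
        raise ValueError(f"unknown delete mode: {mode}")
    deleted, queue = {primary}, deque([primary])
    while queue:
        series, period = queue.popleft()
        linked = []
        if "+" in mode:  # calculated values: walk the formula tree upward
            linked += [(r, period) for r in DEPENDENTS.get(series, [])]
        coarser = parent_period(period)
        if "*" in mode and coarser:  # consolidated values: month -> quarter -> year
            linked.append((series, coarser))
        for cell in linked:
            if cell not in deleted:
                deleted.add(cell)
                queue.append(cell)
    return deleted - {primary}


if __name__ == "__main__":
    primary = ("EXPORTS_GOODS", "2013M02")  # constructed primary delete
    for mode in ("D+", "D*", "D+*"):
        print(mode, sorted(secondary_deletes(primary, mode)))
```

In this constructed model a single monthly primary delete removes two further cells under D+ or D*, but eight under D+*, which shows the data utility cost that the re-edits aim to recover.
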
Data Cell Deletes Using D+
Delete All Calculated Values (Resultants)

Data Cell Deletes Using D*
Delete All Consolidated Values

Data Cell Deletes Using D+*
Delete All Calculated and Consolidated Secondary Cells

Data re-edits to improve usability if more than one sub-aggregate is suppressed

Challenges
• Growing demand for full disclosure
• Difficult to coordinate a concerted effort to release sensitive data
• Integrate secondary deletes, validations, and re-edits to optimize the data utility
• System developments and testing of restricted databases
• Difficult to manage user expectations due to specific nature of national statistical disclosure policies and revision policies

• Proper management of sensitive information and protection of confidential data are major concerns for the IMF Statistics Department.
• There are ongoing efforts to disseminate as much information as possible while mitigating disclosure risks.

Thank you
Questions?
Raja Hettiarachchi