eprintid: 204 rev_number: 4 eprint_status: archive userid: 6 dir: disk0/00/00/02/04 datestamp: 2009-01-27 lastmod: 2015-05-29 19:49:21 status_changed: 2009-04-08 16:55:54 type: report metadata_visibility: show item_issues_count: 0 creators_name: O'Keefe, Christine M. creators_name: Haslett, Stephen creators_name: Steel, David creators_name: Chambers, Ray title: Table builder problem - confidentiality for linked tables ispublished: pub subjects: telecom studygroups: misg25 companyname: Australian Bureau of Statistics full_text_status: public abstract: The aim of this project is to investigate solutions to the problem of improving access to detailed survey data, while ensuring no person or organisation is likely to be identified, or otherwise put at risk of having their data disclosed, and to link general findings back to the ABS Table Builder problem. We focussed on making contributions in two main areas, namely: 1. Identification of sensitive cells in a table, 2. Maximizing data utility and minimising information loss - ensuring the table provides useful information. problem_statement: The aim of this project is to improve access to detailed Australian Bureau of Statistics (ABS) survey data, while maintaining a legislative requirement to ensure no person or organisation is likely to be identified, or otherwise put at risk of having their data disclosed. The problem is particularly acute for business data - as there can be real commercial advantages to obtaining the data of a business competitor. However, it is just as important to ensure household data are protected. In order that the ABS maintain the trust of the community, the methods we use must withstand scrutiny and be publicly defensible - it must be clear that adequate protection is provided and that the risk of identification or disclosure of information for any particular person or organisation is very low. However, the ABS also has an obligation to ensure that the Australian community gets the maximum benefit from the information collected by the ABS - which means the ABS needs to provide a responsive and flexible statistical output service. In particular, the ABS would like to offer a 'table builder' service, whereby users can use an internet-based service to specify a table that is then delivered to them electronically, without manual intervention or vetting. This means that the tables that are delivered must be automatically 'confidentialised' to ensure that no table or combination of tables can be used to identify or derive information in respect of any individual or organisation. While it is essential to ensure that the confidentiality of provider data is effectively protected, it is also highly desirable to protect the tables in the way that does minimum damage to the data. While there are several ways in which 'minimum damage to the data' can be interpreted, in practice the priorities could be expressed as: (i) minimise the likelihood of analyses reaching misleading conclusions, due to confidentiality protections, and (ii) maximise the likelihood of analyses reaching the same conclusions as they would if run on the unprotected data. An important aspect to this problem is that the confidentiality method used must be effective against the 'differencing problem'. The differencing problem occurs when a user is supplied with two tables, A and B, that in themselves are both 'confidentialised' and do not disclose any information. However the user is able to derive a table (A-B) that does disclose information. For example, if table A reports on all people in a geographic region aged 70-80 and table B reports all people in the same region aged 70-79. By differencing they can obtain a table for all people aged 80 that may, for example, be based on the responses of a single individual. In general, any linear combination or union of 'safe' tables produced by the method must also be 'safe' and not allow the identification of any individual or organisation. date: 2008 date_type: published pages: 11 citation: O'Keefe, Christine M. and Haslett, Stephen and Steel, David and Chambers, Ray (2008) Table builder problem - confidentiality for linked tables. [Study Group Report] document_url: http://miis.maths.ox.ac.uk/miis/204/1/misg2008abs.pdf