SLIDE 1

A Suggested Framework for National Statistical Offices for Assessing and Managing Privacy Risks Related to the Use of Big Data

Pascal Jacques Eurostat Local Security Officer

SLIDE 2

UNECE 2014 Project : The Role of Big Data in the Modernisation of Statistical Production

  • Identify, examine and provide guidance for statistical organizations to act upon the main strategic and methodological issues that Big Data poses for the official statistics industry
  • Demonstrate the feasibility of efficient production of both novel products and ‘mainstream’ official statistics using Big Data sources, and the possibility to replicate these approaches across different national contexts
  • Facilitate the sharing across organizations of knowledge, expertise, tools and methods for the production of statistics using Big Data sources
  • 4 task teams: Privacy, Partnership, Quality, Sandbox

SLIDE 3

Members of the Privacy Task Team

  • Shane Weir, chair, and James Chipperfield, Australia

  • Pascal Jacques, Eurostat
  • Jörg Drechsler, Germany
  • Josep Domingo-Ferrer, Spain
  • Peter Struijs, Netherlands
  • Anna Nowicka, Poland
  • Vicenc Torra, Spain
  • Luis Gonzalez and Shaswat Sapkota, UNSD
  • Monika Jingchen Hu, USA

SLIDE 4

Tasks

  • To give an overview of existing tools for risk management in view of privacy issues
  • To describe how risk of identification relates to Big Data characteristics
  • To draft recommendations for NSOs on the management of privacy risks related to Big Data

SLIDE 5

Risks to privacy

  • Disclosure risk for:
      • estimates (second-level disclosure)
      • micro-data access
  • Risk of attempt of disclosure
      • motivation
      • deterrents/controls
      • efforts/skills/technology required
  • Risk of success of attempt
      • amount of data
      • detail level
      • remarkable units
      • accuracy
      • coverage, ...

SLIDE 6

Existing tools for privacy risk management

  • Microdata access strategies
      • microdata dissemination (anonymised files, public use)
      • on-site analysis
      • remote access
  • Database privacy: distinguish between
      • owner privacy (privacy-preserving data mining, PPDM)
      • respondent privacy (query perturbation, query restriction)
      • user privacy (private information retrieval, proxy, TOR)
  • Statistical Disclosure Control (SDC) tools

Managing privacy: trade-off between disclosure risk and utility

SLIDE 7

Big Data characteristics and privacy risk

  • Big Data characteristics
  • Also relevant to privacy: aggregation, flexibility, provider infrastructure, geographical differences
  • Task Team looked at:
      • GPS/mobile phone location data
      • On-site analysis versus remote access
      • Feasibility/practicality of re-identification

SLIDE 8

Recommendations on information integration and governance

  • Monitor database activity
      • tracking db accesses and actions, ...
  • Apply best practices and standards for security of IT systems (security by design)
      • Separation of duties, concerns, least privilege, defence in depth, ...
  • Apply best technologies of security of transportation (TLS)
  • Apply data encryption

SLIDE 9

Recommendations on statistical disclosure limitation (SDL)/control

  • Preserve confidentiality by restricting access rights and/or data releases
  • But: ensure access to useful data
  • Balance data utility and disclosure risk. Use not only traditional approaches (data masking, aggregation, perturbation, ...), but also modern techniques such as synthetic data, secure computation, ELT (Extract, Load, Transform), …

SLIDE 10

Recommendations on managing risk to reputation

  • Enforce ethical principles in the supply chain (continued operation with data providers)
  • Legal instrument for accountability
      • informed consent
  • Establish strong compliance control/monitoring
  • Monitor threats to reputation
      • logging/alert environment
  • Be transparent towards stakeholders, and organise a dialogue with the public
  • Create a crisis communication plan
  • Public perception on incident management/handling

SLIDE 11

Conclusions

  • Existing tools are already well-developed to allow reducing risks
  • NSOs champions of protection of confidentiality
  • Recommendations have been formulated on:
      • information integration and governance
      • statistical disclosure limitation/control
      • managing risk to reputation
  • But:
      • not much experience yet with Big Data privacy issues in NSOs
      • Small experiment in SandBox not really meaningful

SLIDE 12

Additional issues not considered

  • NSOs are now building their own Big Data infrastructure alongside their production environment
  • Integration into production in the future? Including constraints linked to Big Data (volume, velocity, variety)
  • Compatibility with request to outsource NSO’s IT department to national administration central service?
  • Is a private national “cloud” secure enough, and how to ensure compliance?
  • Constraints of the new General Data Protection Regulation (GDPR) (current: 95/46/EC)
      • Protection of all EU citizens for companies outside EU
      • Privacy by design
      • Valid consent
      • Inform DPA and individuals in case of data leakage/sanctions
      • Right to erasure
