

1. A Suggested Framework for National Statistical Offices for Assessing and Managing Privacy Risks Related to the Use of Big Data
   Pascal Jacques, Eurostat Local Security Officer

2. UNECE 2014 Project: The Role of Big Data in the Modernisation of Statistical Production
   • Identify, examine and provide guidance for statistical organizations to act upon the main strategic and methodological issues that Big Data poses for the official statistics industry
   • Demonstrate the feasibility of efficient production of both novel products and ‘mainstream’ official statistics using Big Data sources, and the possibility to replicate these approaches across different national contexts
   • Facilitate the sharing across organizations of knowledge, expertise, tools and methods for the production of statistics using Big Data sources
   • 4 task teams: Privacy, Partnership, Quality, Sandbox

3. Members of the Privacy Task Team
   • Shane Weir (chair) and James Chipperfield, Australia
   • Pascal Jacques, Eurostat
   • Jörg Drechsler, Germany
   • Josep Domingo-Ferrer, Spain
   • Peter Struijs, Netherlands
   • Anna Nowicka, Poland
   • Vicenc Torra, Spain
   • Luis Gonzalez and Shaswat Sapkota, UNSD
   • Monika Jingchen Hu, USA

4. Tasks
   • To give an overview of existing tools for risk management in view of privacy issues
   • To describe how the risk of identification relates to Big Data characteristics
   • To draft recommendations for NSOs on the management of privacy risks related to Big Data

5. Risks to privacy
   • Disclosure risk for:
     • estimates (second-level disclosure)
     • micro-data access
   • Risk that a disclosure attempt is made, driven by:
     • motivation
     • deterrents/controls
     • effort/skills/technology required
   • Risk that an attempt succeeds, driven by:
     • amount of data
     • level of detail
     • remarkable units
     • accuracy
     • coverage, ...

6. Existing tools for privacy risk management
   • Microdata access strategies:
     • microdata dissemination (anonymised files, public-use files)
     • on-site analysis
     • remote access
   • Database privacy: distinguish between
     • owner privacy (privacy-preserving data mining, PPDM)
     • respondent privacy (query perturbation, query restriction)
     • user privacy (private information retrieval, proxy, Tor)
   • Statistical disclosure control (SDC) tools
   • Managing privacy is a trade-off between disclosure risk and data utility

7. Big Data characteristics and privacy risk
   • Big Data characteristics
   • Also relevant to privacy: aggregation, flexibility, provider infrastructure, geographical differences
   • The Task Team looked at:
     • GPS/mobile phone location data
     • on-site analysis versus remote access
     • feasibility/practicality of re-identification
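The feasibility of re-identification named on this slide, worked through as an added example that is not part of the presentation: a linkage attack on pseudonymised mobile-phone traces. The attacker knows a handful of (cell, hour-of-day) observations about a target from some outside source and intersects them against the released traces. The dataset is constructed (500 users, a grid of 40 cells, 30 observations each, a simple home/work routine); all of these parameters, the pseudonym format and the function names are assumptions made for the illustration, not anything from the Task Team's work.

```python
"""Added example (not part of the UNECE slides): a linkage attack showing how
few spatio-temporal points single out one pseudonymised trace.

Everything below is constructed: 500 synthetic users, 40 cells, 30 distinct
(cell, hour) observations per user and a home/work routine that makes some
points far more common than others. Real CDR/GPS data have many more points
and much more structure, so real traces are easier, not harder, to link.
"""
import random
from collections import defaultdict

N_USERS, N_CELLS, POINTS_PER_USER = 500, 40, 30   # assumed, not real figures


def make_traces(n_users=N_USERS, n_cells=N_CELLS, points=POINTS_PER_USER, seed=7):
    """Synthetic pseudonymised traces: pseudonym -> frozenset of (cell, hour)."""
    rng = random.Random(seed)
    traces = {}
    for uid in range(n_users):
        home, work = rng.sample(range(n_cells), 2)
        pts = set()
        while len(pts) < points:
            hour = rng.randrange(24)
            if hour < 7 or hour >= 20:                   # at home most nights
                cell = home if rng.random() < 0.8 else rng.randrange(n_cells)
            elif 9 <= hour < 17:                         # at work most days
                cell = work if rng.random() < 0.7 else rng.randrange(n_cells)
            else:                                        # commuting / errands
                cell = rng.randrange(n_cells)
            pts.add((cell, hour))
        traces[f"pseudo-{uid:04d}"] = frozenset(pts)
    return traces


def build_index(traces):
    """Inverted index: (cell, hour) -> set of pseudonyms observed there."""
    index = defaultdict(set)
    for pid, pts in traces.items():
        for p in pts:
            index[p].add(pid)
    return index


def candidates(index, known_points):
    """Pseudonyms consistent with every point the attacker knows about the target.

    The true owner is always in this set; the attack succeeds when it is the
    only member. An empty list of known points yields an empty set.
    """
    sets = [index.get(p, set()) for p in known_points]
    return set.intersection(*sets) if sets else set()


def anonymity_set_sizes(traces, index, k, seed=11):
    """For every user, size of the candidate set when k of their points leak."""
    rng = random.Random(seed)
    return [len(candidates(index, rng.sample(sorted(pts), k)))
            for pts in traces.values()]


def share_unique(sizes):
    """Fraction of users singled out, i.e. whose candidate set has size 1."""
    return sum(1 for s in sizes if s == 1) / len(sizes)


def reidentification_curve(ks=(1, 2, 3, 4, 5), **kw):
    """Share of users uniquely re-identified as a function of leaked points k."""
    traces = make_traces(**kw)
    index = build_index(traces)
    return {k: share_unique(anonymity_set_sizes(traces, index, k)) for k in ks}


if __name__ == "__main__":
    for k, share in reidentification_curve().items():
        print(f"{k} known point(s): {share:6.1%} of users uniquely identified")
```

The curve is the practitioner's check for the slide's question: pseudonymisation alone does nothing against an attacker holding a few outside observations, which is why the slide weighs on-site analysis and remote access (where such linkage can be controlled) against dissemination.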

8. Recommendations on information integration and governance
   • Monitor database activity: track database accesses and actions, ...
   • Apply best practices and standards for the security of IT systems (security by design): separation of duties and of concerns, least privilege, defence in depth, ...
   • Apply the best available technologies for securing data in transit (TLS)
   • Apply data encryption

9. Recommendations on statistical disclosure limitation (SDL)/control
   • Preserve confidentiality by restricting access rights and/or data releases
   • But: ensure access to useful data
   • Balance data utility and disclosure risk: use not only traditional approaches (data masking, aggregation, perturbation, ...) but also modern techniques such as synthetic data, secure computation, ELT (Extract, Load, Transform), ...
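The risk/utility trade-off stated on slide 6 and the aggregation, suppression and perturbation toolbox recommended here, made concrete as an added example that is not from the presentation. A constructed microdata file (400 synthetic respondents with quasi-identifiers age, sex and region and a sensitive income variable) is released raw, generalised, generalised plus suppressed, and generalised plus perturbed; for each release the code measures disclosure risk (sample uniques and records in equivalence classes smaller than k) and utility (error in a mean-income table by sex and age decade). The region codes, the noise level, the threshold k=3 and all function names are assumptions for the illustration.

```python
"""Added example (not part of the UNECE slides): measuring the trade-off
between disclosure risk and data utility under statistical disclosure
control on a constructed microdata file.

Assumptions (all invented): 400 synthetic records, quasi-identifiers age,
sex, region; sensitive variable income; region codes that only imitate
NUTS codes. Risk = share of records unique on the quasi-identifiers and
share in equivalence classes of size < k. Utility = relative error of the
mean-income-by-sex-and-age-decade table a researcher would publish.
"""
import random
from collections import Counter, defaultdict

REGIONS = ["N1", "N2", "S1", "S2", "E1", "W1"]              # invented codes
MACRO = {"N1": "N", "N2": "N", "S1": "S", "S2": "S", "E1": "E", "W1": "W"}
QIS = ("age", "sex", "region")                              # quasi-identifiers


def make_microdata(n=400, seed=3):
    """Synthetic respondents; nothing here is real survey data."""
    rng = random.Random(seed)
    return [{
        "age": min(90, max(18, int(rng.gauss(45, 15)))),
        "sex": rng.choice("MF"),
        "region": rng.choice(REGIONS),
        "income": round(rng.lognormvariate(10.3, 0.5)),
    } for _ in range(n)]


def key(row):
    """Equivalence-class key: the quasi-identifier values of one record."""
    return tuple(row[q] for q in QIS)


def risk(rows, k=3):
    """Sample uniques and records in equivalence classes smaller than k."""
    sizes = Counter(key(r) for r in rows)
    n = len(rows)
    return {
        "sample_uniques": sum(1 for r in rows if sizes[key(r)] == 1) / n,
        "below_k": sum(1 for r in rows if sizes[key(r)] < k) / n,
    }


def generalise(rows):
    """Aggregation: recode age to 10-year bands and region to macro-region."""
    return [dict(r, age=f"{r['age'] // 10 * 10}-{r['age'] // 10 * 10 + 9}",
                 region=MACRO[r["region"]]) for r in rows]


def suppress_small_classes(rows, k=3):
    """Suppression: drop every record whose equivalence class is smaller than k."""
    sizes = Counter(key(r) for r in rows)
    return [r for r in rows if sizes[key(r)] >= k]


def perturb_income(rows, sd=0.15, seed=11):
    """Perturbation: multiplicative log-normal noise on the sensitive variable."""
    rng = random.Random(seed)
    return [dict(r, income=round(r["income"] * rng.lognormvariate(0, sd)))
            for r in rows]


def decade(age):
    """Age decade for a raw age (int) or a generalised band such as '40-49'."""
    return int(str(age).split("-")[0]) // 10 * 10


def mean_income_table(rows):
    """The output a researcher wants: mean income by sex x age decade."""
    total, count = defaultdict(float), Counter()
    for r in rows:
        cell = (r["sex"], decade(r["age"]))
        total[cell] += r["income"]
        count[cell] += 1
    return {c: total[c] / count[c] for c in count}


def utility(original, released):
    """Mean relative error of the released table, and table cells lost entirely."""
    ref, est = mean_income_table(original), mean_income_table(released)
    errors = [abs(est[c] - ref[c]) / ref[c] for c in ref if c in est]
    return {"mean_rel_error": sum(errors) / len(errors),
            "cells_lost": sum(1 for c in ref if c not in est)}


def compare(k=3):
    """Risk and utility of several SDC treatments of the same file."""
    raw = make_microdata()
    gen = generalise(raw)
    treatments = {
        "raw": raw,
        "generalised": gen,
        "generalised+suppressed": suppress_small_classes(gen, k),
        "generalised+perturbed": perturb_income(gen),
    }
    return {name: {"records": len(rows), **risk(rows, k), **utility(raw, rows)}
            for name, rows in treatments.items()}


if __name__ == "__main__":
    for name, m in compare().items():
        print(f"{name:24s} n={m['records']:3d} uniques={m['sample_uniques']:.1%} "
              f"<k={m['below_k']:.1%} err={m['mean_rel_error']:.2%} "
              f"cells lost={m['cells_lost']}")
```

Generalisation alone costs nothing for this particular table (the bands nest inside the decades the researcher asked for) while cutting sample uniques sharply; suppression drives the below-k share to zero but loses records and possibly whole table cells; perturbation keeps every record but biases every cell. Which point on that curve an NSO accepts is the policy decision the slide leaves open.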

10. Recommendations on managing risk to reputation
   • Enforce ethical principles in the supply chain (continued operation with data providers):
     • a legal instrument for accountability
     • informed consent
   • Establish strong compliance control/monitoring
   • Monitor threats to reputation: logging/alert environment
   • Be transparent towards stakeholders, and organise a dialogue with the public
   • Create a crisis communication plan:
     • public perception depends on incident management/handling

11. Conclusions
   • Existing tools are already well developed and allow risks to be reduced
   • NSOs are champions of the protection of confidentiality
   • Recommendations have been formulated on:
     • information integration and governance
     • statistical disclosure limitation/control
     • managing risk to reputation
   • But:
     • not much experience yet with Big Data privacy issues in NSOs
     • the small experiment in the Sandbox was not really meaningful

12. Additional issues not considered
   • NSOs are now building their own Big Data infrastructure alongside their production environment:
     • integration into production in the future, including the constraints linked to Big Data (volume, velocity, variety)?
     • compatibility with the request to outsource the NSO’s IT department to a national administration central service?
     • is a private national “cloud” secure enough, and how to ensure compliance?
   • Constraints of the new General Data Protection Regulation (GDPR; currently Directive 95/46/EC):
     • protection of all EU citizens, also towards companies outside the EU
     • privacy by design
     • valid consent
     • inform the DPA and the individuals concerned in case of data leakage; sanctions
     • right to erasure
