Statistical confidentiality : principles and practice / George T. Duncan, Mark Elliot, Juan-José Salazar-González.

• Machine generated contents note: 1. Why Statistical Confidentiality? -- 1.1. What Is Statistical Confidentiality? -- 1.2. Stakeholders in the Statistical Process -- 1.3. Data Stewardship Organization's Dilemma -- 1.4. Value of Statistical Data -- 1.5. Why Are DSOs Concerned About Statistical Confidentiality? -- 1.5.1. Difficult Context for a DSO -- 1.5.2. Providing Data and Protecting Confidentiality -- 1.5.3. Consequences of a Confidentiality Breach -- 1.5.4. What Motivates a DSO to Provide Confidentiality? -- 1.6. High-Quality Statistical Data Raise Confidentiality Concerns -- 1.6.1. Characteristics of High-Quality Statistical Data -- 1.6.2. Disclosure Risk Problems Stemming from Characteristics of High-Quality Statistical Data -- 1.7. Disclosure Risk and the Concept of the Data Snooper -- 1.8. Strategies of Statistical Disclosure Limitation -- 1.8.1. Restricted Access -- 1.8.2. Restricted Data -- 1.9. Summary -- 2. Concepts of Statistical Disclosure Limitation -- 2.1. Conceptual Models of Disclosure Risk -- 2.1.1. Elements of the Disclosure Risk Problem -- 2.1.2. Perceived and Actual Risk -- 2.1.3. Scenarios of Disclosure -- 2.1.4. Data Environment Analysis -- 2.2. Assessing the Risk -- 2.2.1. Uniqueness -- 2.2.2. Matching/Reidentification Experiments -- 2.2.3. Disclosure Risk Assessment for Aggregate Data -- 2.3. Controlling the Risk -- 2.3.1. Metadata Level Controls -- 2.3.2. Distorting the Data -- 2.3.3. Controlling Access -- 2.4. Data Utility Impact -- 2.5. Summary -- 3. Assessment of Disclosure Risk -- 3.1. Thresholds and Other Proxies -- 3.2. Risk Assessment for Microdata: Types of Matching -- 3.2.1. File-Level Risk Metrics -- 3.2.2. Record-Level Risk Metrics -- 3.3. Record Linkage Studies -- 3.3.1. Using an External Data Set -- 3.3.2. Using the Pre-SDL Data Set -- 3.4. Risk Assessment for Count Data -- 3.5. What is at Risk?: Understanding Sensitivity -- 3.6. Summary -- 4. Protecting Tabular Data -- 4.1. Basic Concepts -- 4.1.1. Structure of a Tabular Array -- 4.1.2. Risky Cells -- 4.1.3. Secondary Problem: The Data Snooper's Knowledge -- 4.1.4. Disclosure Limitation -- 4.1.5. Loss of Information -- 4.1.6. DSO's Problem -- 4.1.7. Disclosure Auditing -- 4.2. Four Methods to Protect Tables -- 4.2.1. Cell Suppression -- 4.2.2. Interval Publication -- 4.2.3. Controlled Rounding -- 4.2.4. Cell Perturbation -- 4.2.5. All-in-One Method -- 4.3. Other Methods -- 4.3.1. Table Redesign -- 4.3.2. Introducing Noise to Microdata -- 4.3.3. Data Swapping -- 4.3.4. Cyclic Perturbation -- 4.3.5. Random Rounding -- 4.3.6. Controlled Tabular Adjustment -- 4.4. Summary -- 5. Providing and Protecting Microdata -- 5.1. Why Provide Access? -- 5.2. Confidentiality Concerns -- 5.3. Why Protect Microdata? -- 5.4. Restricted Data -- 5.4.1. In Order to Limit Disclosure, What Shall We Mask? -- 5.5. Matrix Masking -- 5.6. Masking Through Suppression -- 5.7. Local Suppression -- 5.8. Noise Addition -- 5.9. Data Swapping -- 5.9.1. Implementations of Data Swapping -- 5.9.2. Protocol for Data Swapping -- 5.10. Masking Through Sampling -- 5.11. Masking Through Aggregation -- 5.11.1. Global Recoding -- 5.11.2. Topcoding -- 5.12. Microaggregation -- 5.13. Synthetic Microdata -- 5.14. Concluding Thoughts -- 6. Disclosure Risk and Data Utility -- 6.1. Basics of Disclosure Risk and Data Utility -- 6.1.1. Choosing the Parameter Values of an SDL Method -- 6.2. Data Utility Metrics -- 6.3. Direct Measurement of Utility -- 6.4. R-U Confidentiality Map -- 6.4.1. Constructing an R-U Confidentiality Map: Multivariate Additive Noise -- 6.4.2. R-U Confidentiality Map for Topcoding -- 6.5. Discussion -- 7. Restrictions on Data Access -- 7.1. Who Can Have Access? -- 7.2. Where Can Access Be Obtained? -- 7.3. What Analysis Is Permitted? -- 7.4. Modes of Access -- 7.4.1. Free Access -- 7.4.2. Delivered Access -- 7.4.3. Safe Settings -- 7.4.4. Virtual Access -- 7.4.5. Licensing -- 7.5. Conclusion -- 8. Thoughts on the Future -- 8.1. New Meanings for Privacy and Statistical Confidentiality -- 8.2. Who Will Care About Statistical Data? -- 8.3. What New Forms of Data Stewardship Organizations Will Develop? -- 8.4. Will Statistical Data Remain Valuable? -- 8.5. New Data Types -- 8.5.1. Geospatial Data -- 8.5.2. Audio and Video Data -- 8.5.3. Biometric Recognition Data -- 8.5.4. Biological Material Data -- 8.5.5. Network Data -- 8.6. Privacy Preserving Data Mining -- 8.7. Other New Issues for Statistical Confidentiality -- 8.7.1. Technological Advances -- 8.7.2. Increased Expectations About Data Access -- 8.7.3. Sophisticated Privacy Advocates -- 8.7.4. New Confidentiality Legislation -- 8.7.5. Demand for Data from Researchers -- 8.7.6. Challenges in Communicating Confidentiality Protections -- 8.8. Will There Be New Forms of Data Snooping? -- 8.8.1. Data Snooper of the Future -- 8.8.2. New Attack Modalities -- 8.9. What New Strategies of Disclosure Limitation Should Be Developed? -- 8.10. Finally, an Exciting Vision for Statistical Confidentiality.

Ämnesord

Statistisk metod  (sao)

Dataskydd  (sao)

Data mining  (sao)

Personlig integritet  (sao)

Data protection.  (LCSH)

Privacy, Right of.  (LCSH)

Confidential communications  -- Statistical services. (LCSH)

Statistical services  -- Moral and ethical aspects. (LCSH)

Statistical methods  (eclas)

Statistik  -- etik och moral (sao)

Statistics  (LCSH)

Data mining  (LCSH)

Data protection  (LCSH)

Klassifikation

HA34 (LCC)

001.422 (DDC)

Oi:dd (kssb/8 (machine generated))