Carnegie Mellon Heinz School Policy Management Information Technology

Balancing Privacy and Utility


Agencies such as the U.S. Census Bureau produce a voluminous amount of data, much of which is of tremendous value to social scientists and other researchers. But data also includes personal information that could be harmful were it to fall into the wrong hands. "Organizations that maintain such databases need to devise ways to protect individuals’ privacy while preserving the value of the information to researchers," writes George Duncan, Heinz School Professor of Statistics, in a commentary in the Aug. 31 edition of the journal Science.

According to Duncan, traditional methods of “de-identifying” records, such as stripping away Social Security numbers or birthdates, are inadequate to safeguard privacy because a person who knows enough about the data pool could use other characteristics to identify individuals.

“The question is, ‘How can data be made useful for research purposes without compromising the confidentiality of those who provided the data?’” Duncan said.

Possible solutions to this dilemma include administrative procedures that restrict data access to approved users who must abide by restrictions on the use of information, and statistical methods that de-identify records in such a way that the user cannot readily reconstruct personal identities. In order to be effective, these statistical transformations must be tailored to how the data will be used, so that researchers can see the information that interests them, while other characteristics remain veiled.

Duncan’s commentary in Science was prompted by recent reports on data privacy, one by the U.S. National Research Council and the other by the U.K. Royal Academy of Engineering. In the article, Duncan discusses efforts to safeguard information gathered by video surveillance cameras, wireless networks and radio-frequency identification tags, which are used by hospitals to ensure that patients receive the correct treatment.