1 / 32

Statistical Disclosure Control

Statistical Disclosure Control. Philip Johnston, Information Services Division, NHSNSS ScotPHO training course, 1 April 2011. Statistical Disclosure Control. background / definitions ISD practice a high profile case some examples. Legislation & standards. Data Protection Act

rashad-joyner
Download Presentation

Statistical Disclosure Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Statistical Disclosure Control Philip Johnston, Information Services Division, NHSNSS ScotPHO training course, 1 April 2011

  2. Statistical Disclosure Control background / definitions ISD practice a high profile case some examples

  3. Legislation & standards Data Protection Act Caldicott recommendations NHS code of confidentiality statistical disclosure guidance (eg ONS) Official Statistics code(s) of practice public trust case law

  4. What is ‘disclosure’? When confidential information about a person/body is released, either directly or indirectly, in breach of public trust or legal obligations [ Even aggregate tables risk revealing confidential information ]

  5. What is ‘statistical disclosure control’ (SDC)? The practice of reducing the risk of disclosure by suppressing, aggregating or modifying data before release

  6. Types of disclosure Identification – ‘that’s you’ Self-identification – ‘that’s me’ Attribute disclosure – learn something new Motivated intruder – might target an individual ‘Differencing’ – combining different sources

  7. ‘Individual Attribute’ Disclosure

  8. ‘Group Attribute’ Disclosure

  9. Self Identification

  10. When is SDC needed? • The level of control needed depends on the risk of • disclosure • The risk of disclosure depends on: • who wants the data • the data in question • what they are going to do with it • We need only take account of • what is likely reasonably to happen, • not what is hypothetically possible.

  11. aspects of ISD 500 staff, varied grades/types/roles 100 data sets per year: - 100 publications - 3000 information requests (incl. FoIs) - 500 Parliamentary Questions a range of users, eg: SG, NHS Boards, Local Authorities, researchers, media/public

  12. ISD practice ISD guidance/practice has evolved in recent years Informed by ONS guidance on abortions (2005), health (2006) ISD SDC Protocol, first issued in March 2009 Applies to publications, information requests, FOIs, PQs, ‘management information’

  13. ISD practice - risk assessment based on: - likelihood of an attempt of disclosure - impact of disclosure consider: - cell values and table design - is the subject ‘sensitive’? - size of ‘population at risk’ - geography / institutions / practitioners - judgement – no magic formula

  14. ISD practice – SDC methods preferred current ISD methods: table re-design (eg aggregation) cell suppression (primary / secondary) then consider: rounding other methods (discuss first with Head of Stats team): adjusting cell values (e.g. Barnardisation), database modification

  15. ISD practice – a few points where possible, discuss options with customer if SDC is used then provide some explanation for users primary suppression should not be distinguishable from secondary suppression document the rationale – shows that thought has been applied ‘management information’ – risks are usually lower wider question? – what do ‘small numbers’ mean?

  16. Getting the balance right ‘Risk’ - keep data safe ‘Utility’ - exploit the data ‘maximise utility while reducing risk to acceptable level’

  17. Other organisations? • … have different procedures • eg Scottish Government, GROS, England NHS Information Centre • NHS Boards?

  18. An FoI example - childhood leukaemia (1) • on behalf of an MSP [11/01/05]: • “Please supply me with details of all incidents of leukaemia for both sexes in the age range 0-14 by year from 1990-2003 for all the DG [Dumfries and Galloway] postal area by census ward.”

  19. An FoI example- childhood leukaemia (2) • 14 separate years • 18 cases (aged 0-14) • 47 census wards • ave. ~50 sq. miles • ave pop ~550

  20. An FoI example- childhood leukaemia (3) • ISD refused to release the information: a risk of identification of patients and therefore in breach of the Data Protection Act • Customer appealed to Scottish Information Commissioner (SIC): SIC said that data should be released • ISD appealed to Court of Session: Court said that data should be released • ISD appealed to House of Lords

  21. An FoI example- childhood leukaemia (4) • House of Lords judged that SIC should reconsider the case. • Dr Adam Bryson, (then) Medical Director of NHS NSS, said [June 2008]: “Our motive (…) has been to secure clarity on the legal position regarding a serious issue that potentially impacts on the rights to privacy of each of the 60 million people in the UK. (…)” • SIC published decision notice in 2010

  22. Example A: • extract from a publication table • safe to publish?

  23. Example B: • extract from a draft publication table • safe to publish?

  24. Example C: • Parliamentary Question on ‘stab wounds’ (extract) • ISD draft answer:

  25. Example C: • differing views • SG final answer, incl secondary suppression:

  26. Example D: • Freedom of Information request: • ‘The number of registrations of cancers (all cancers combined, ICD-10 C00-C96 excluding C44) for each of the last 10 years for which you have published registrations - 1997-2006, for the postcode XX99 9XX.’ • safe to release the information?

  27. Example D: • Freedom of Information request: • ‘The number of registrations of cancers (all cancers combined, ICD-10 C00-C96 excluding C44) for each of the last 10 years for which you have published registrations - 1997-2006, for the postcode XX99 9XX.’ • there were 0 cases in each year • safe to release the information?

  28. Example D: • ISD answer (part): • ‘We are unable to provide this as to do so would breach the Data Protection Act (DPA) 1998. We consider the information requested to be personal data, as defined in section 1(1) of the act, and by the first Data Protection Principle. This is because of the small numbers of health events recorded at unit postcode level. We believe that there would be risk of disclosing personal information if we were to provide the information you seek in the form requested. The Freedom of Information (Scotland) Act 2002 allows an exemption from release for personal data under section 38.’

  29. Example E: • Freedom of Information request (part): • ‘a breakdown, by NHS Board, by age, of every girl below 16 who had an abortion in the last 12 months, including a breakdown of how many were miscarriages or induced by surgical procedure’

  30. Example E: • ISD answer (part):

  31. Summary ‘disclosure’ is important … but there is a balance with utility – we want the data to be used, wherever appropriate now part of ISD daily work ISD outputs now more consistent, more secure

More Related