Multiple Imputation for Combining Confidential Data Owned by Two Agencies

Kohnen, Christine N.; Reiter, Jerome P.

doi:10.1111/j.1467-985x.2008.00574.x

Cited by 14 publications

(10 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach can be adapted for more general add‐on scenarios. The approach was developed by Kohnen (2005) and illustrated by Kohnen & Reiter (2009). We assume no missing data in D 1 or D 2 ; methods for handling missing data and integration simultaneously are a subject for future research.…”

Section: Synthetic Data For Integration and Disseminationmentioning

confidence: 99%

See 1 more Smart Citation

Using Multiple Imputation to Integrate and Disseminate Confidential Microdata

Reiter¹

2009

Int Statistical Rev

Self Cite

View full text Add to dashboard Cite

In data integration contexts, two statistical agencies seek to merge their separate databases into one file. The agencies also may seek to disseminate data to the public based on the integrated file. These goals may be complicated by the agencies' need to protect the confidentiality of database subjects, which could be at risk during the integration or dissemination stage. This article proposes several approaches based on multiple imputation for disclosure limitation, usually called synthetic data, that could be used to facilitate data integration and dissemination while protecting data confidentiality. It reviews existing methods for obtaining inferences from synthetic data and points out where new methods are needed to implement the data integration proposals. Copyright (c) 2009 The Author. Journal compilation (c) 2009 International Statistical Institute.

show abstract

Section: Synthetic Data For Integration and Disseminationmentioning

confidence: 99%

“…Or, Agency 1 might transform the variables with sensitive data to standard normal distributions, e.g. via Box–Cox transformations; see Kohnen & Reiter (2009) for an application of this approach. A third masking approach was described by Kohnen (2005).…”

Section: Synthetic Data For Integration and Disseminationmentioning

confidence: 99%

Using Multiple Imputation to Integrate and Disseminate Confidential Microdata

Reiter¹

2009

Int Statistical Rev

Self Cite

View full text Add to dashboard Cite

show abstract

“…Recent developments in advanced disclosure avoidance techniques for microdata include noise infusion (Organisation for Economic Co‐operation and Development, ) and synthetic data (Machanavajjhala et al ., ; Reiter, ; Kohnen and Reiter, ). The first large‐scale use of noise infusion in any official statistical product occurred in 2003 on the US Census Bureau's QWIs (Abowd et al ., ).…”

Section: Introductionmentioning

confidence: 99%

A New Method for Protecting Interrelated Time Series with Bayesian Prior Distributions and Synthetic Data

Schneider

Abowd

2015

Journal of the Royal Statistical Society Series A: Statistics in Society

View full text Add to dashboard Cite

Summary Organizations disseminate statistical summaries of administrative data via the Web for unrestricted public use. They balance the trade‐off between protection of confidentiality and quality of inference. Recent developments in disclosure avoidance techniques include the incorporation of synthetic data, which capture the essential features of underlying data by releasing altered data generated from a posterior predictive distribution. The US Census Bureau collects millions of interrelated time series microdata that are hierarchical and contain many 0s and suppressions. Rule‐based disclosure avoidance techniques often require the suppression of count data for small magnitudes and the modification of data based on a small number of entities. Motivated by this problem, we use zero‐inflated extensions of Bayesian generalized linear mixed models with privacy‐preserving prior distributions to develop methods for protecting and releasing synthetic data from time series about thousands of small groups of entities without suppression based on the magnitudes or number of entities. We find that, as the prior distributions of the variance components in the Bayesian generalized linear mixed model become more precise towards zero, protection of confidentiality increases and the quality of inference deteriorates. We evaluate our methodology by using a strict privacy measure, empirical differential privacy and a newly defined risk measure, the probability of range identification, which directly measures attribute disclosure risk. We illustrate our results with the US Census Bureau's quarterly workforce indicators.

show abstract

“…Among the major limitations of this approach are that it relies on SRL, allows only datacustodians to analyse the microdata (i.e., non-data custodians cannot perform analysis) and that it is currently limited to a certain set of models. Alternatively, Kohnen and Reiter (2009) consider the novel problem of how data custodians, without sharing sensitive variables, can together produce synthetic linked microdata for public use. Limitations of this approach are that synthetic data can be time consuming to produce and that it can be hard to guarantee that the synthetic data do not distort some important relationships.…”

Section: Introductionmentioning

confidence: 99%

Disclosure-Protected Inference with Linked Microdata Using a Remote Analysis Server

Chipperfield¹

2014

Journal of Official Statistics

View full text Add to dashboard Cite

Large amounts of microdata are collected by data custodians in the form of censuses and administrative records. Often, data custodians will collect different information on the same individual. Many important questions can be answered by linking microdata collected by different data custodians. For this reason, there is very strong demand from analysts, within government, business, and universities, for linked microdata. However, many data custodians are legally obliged to ensure the risk of disclosing information about a person or organisation is acceptably low. Different authors have considered the problem of how to facilitate reliable statistical inference from analysis of linked microdata while ensuring that the risk of disclosure is acceptably low. This article considers the problem from the perspective of an Integrating Authority that, by definition, is trusted to link the microdata and to facilitate analysts' access to the linked microdata via a remote server, which allows analysts to fit models and view the statistical output without being able to observe the underlying linked microdata. One disclosure risk that must be managed by an Integrating Authority is that one data custodian may use the microdata it supplied to the Integrating Authority and statistical output released from the remote server to disclose information about a person or organisation that was supplied by the other data custodian. This article considers analysis of only binary variables. The utility and disclosure risk of the proposed method are investigated both in a simulation and using a real example. This article shows that some popular protections against disclosure (dropping records, rounding regression coefficients or imposing restrictions on model selection) can be ineffective in the above setting.

show abstract

Multiple Imputation for Combining Confidential Data Owned by Two Agencies

Cited by 14 publications

References 29 publications

Using Multiple Imputation to Integrate and Disseminate Confidential Microdata

Using Multiple Imputation to Integrate and Disseminate Confidential Microdata

A New Method for Protecting Interrelated Time Series with Bayesian Prior Distributions and Synthetic Data

Disclosure-Protected Inference with Linked Microdata Using a Remote Analysis Server

Contact Info

Product

Resources

About