1 / 5

Providing Secure Access to Sensitive Data

In the digital age, addressing the critical challenge of securing sensitive data while ensuring access for research is paramount. This paper discusses strategies employed by leading tech companies, such as Microsoft and Google, to maintain data integrity and privacy. It highlights lessons learned from past data breaches, like those involving AOL and Netflix, and advocates for the integration of content-focused research teams with privacy protection experts. By fostering collaboration and understanding between these groups, we can improve the security mechanisms for publicly released statistics and vital data.

oberon
Télécharger la présentation

Providing Secure Access to Sensitive Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Providing Secure Access to Sensitive Data John M. Abowd Cornell UniversityIASSIST 2010June 4, 2010

  2. Everybody's Got the Same Problem Substantial Data Asset Physical Security LayerAccess Protocol Public View on Private Data Firewall Firewall Google Search Logs American Community Survey Micro-data Research Paper from a Census RDC Leading Indicators Based on Search Frequencies

  3. But They Don’t Use the Same Strategies • Microsoft, Google, Yahoo!, Amazon tend to rely on formal privacy methods • Scientific validity and future data integrity are corporate assets • Most strategies explicitly integrate content and privacy functions • Distinguish between types of data releases: • Official statistics • Special tabulations • Public-use files • Protocol data access (RDC, AFF Advanced Query) • Most strategies isolate the content and disclosure limitation functions

  4. And They Don’t Make the Same Mistakes • AOL and Netflix search log releases were fully preventable • Information loss from randomized sanitizers is fully quantifiable but scientifically difficult to digest • Not as concerned about the public good aspect of data release • Research papers viewed as usually safe when based on statistical modeling • Concerned about the public good from statistical publications but limited by ad hoc disclosure avoidance procedures that provide security through obscurity

  5. What To Do Next • Recognize that every public view from official statistics to model output in scientific papers can be assessed for both statistical validity and privacy/confidentiality leakage • There is a continuum from official statistics through “need-to-know” privileged access that all research paradigms touch—think more about the substance and less about the form • Integrate research teams primarily interested in content with teams primarily interested in privacy protection • Be certain that both groups know what the other is doing

More Related