data anonymization professional certification

17
www.privacyanalytics.ca | 613.369.4313 [email protected] 251 Laurier Avenue, Suite 200 Ottawa, Ontario, Canada K1P 5J6 Data Anonymization Professional Certification Developing the Knowledge and Experience

Upload: privacy-analytics

Post on 08-Jul-2015

156 views

Category:

Data & Analytics


3 download

DESCRIPTION

How to become a certified de-identification professional.

TRANSCRIPT

Page 1: Data Anonymization Professional Certification

www.privacyanalytics.ca | 613.369.4313

[email protected]

251 Laurier Avenue, Suite 200

Ottawa, Ontario, Canada K1P 5J6

Data Anonymization Professional Certification

Developing the Knowledge and Experience

Page 2: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Presenter

Luk Arbuckle, Director of [email protected]

Page 3: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Finding an Expert

Page 4: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Motivations for Anonymization

Population HealthRegulation

Comparative BenchmarkingReleasing Data

Detecting Fraud

Monetizing Data Compliance

Accelerating Research

Data Complexity

Re-identification Risk

Post-marketing surveillance

Data Breach

Marketing

Reputation

Ethics

Software Testing

Page 5: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Safeguard and Enable Data for Secondary Purposes

•PARAT automates the masking and de-identification of data

•Anonymize structured and unstructured data

•Peer-reviewed methodologies and value-added services that certify data as de-identified

Page 6: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

While the HIPAA Privacy Rule only applies to the anonymization of U.S. regulated health data, it is a useful and relevant standard for the anonymization of all data.

HIPAA Privacy Rule

Page 7: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

• A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable:I. Applying such principles and methods; determines that the risk is “very

small” that the information could be used, alone or in combination with other reasonably available information by an anticipated recipient to identify an individual who is a subject of the information; and

II. Documents the methods and results of the analysis that justify such determination

Expert Determination (Statistical) Method

Page 8: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Shortage of Anonymization Professionals

• Ad-hoc methods will be used, and data will have lower analytic utility

• Analytics will not occur, impeding research and data monetization

• Non-experts may perform the anonymization, risking disclosure

Page 9: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Defining Expertise Required to Anonymize Data

Page 10: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Resources to Get You Started

Page 11: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Enterprise Re-Identification Risk Management Framework

• Develop the skills needed to manage the risk of re-identification when data is shared for secondary purposes.

• Ensure that responsible privacy and security protocols are in place to allow the ethical use of these large data stores of sensitive personal or protected health information.

• Standards and guidelines for protecting this information need to be implemented.

Page 12: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Appropriate Knowledge to Anonymize Data

• The Case for Anonymizing Data• Concepts and Definitions• Selecting Identifiers• Risk Measurement for Public Data Releases• Setting Thresholds for Public Data Releases• Risk Measurement for Non-Public Data Releases• Risk Management• Implementing Anonymization Methods

Page 13: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Appropriate Experience to Anonymize Data

Anonymize two real data sets under the coaching and guidance of someone who is already a seasoned expert (someone involved in the anonymization of a minimum of ten data sets).

Page 14: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc. 14

Automating Anonymization

Page 15: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc. 15

Certification Exam

The ability to define very small risk in a defensible way; the ability to select appropriate metrics and to measure the risk of re-identification; and the ability to transform the data to ensure that the measured risk is indeed very small.

Page 16: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Who is the Anonymization Professional?

• The background of the candidate can be data analysis, database management, health data management, statistician, or software programming.

• Automation means that it’s possible for individuals who are not statisticians or data analysts to anonymize data sets.

Page 17: Data Anonymization Professional Certification

© 2014 Privacy Analytics, Inc.

Data Quality1 Analytic Granularity2 Depth of

Insight3

Ensuring de-identified data has analytic usefulness by minimizing the amount of distortion but still ensure that re-identification risk is very small

Allowing users to configure the extent of de-identification to match the characteristics of the analysis that is anticipated

Enabling analysis of the total patient health experience, to compile a complete picture of this experience from multiple data sources and types

Balancing Privacy with Data Utility