
Philosophy of Disclosure Avoidance for Census Bureau Data

Disclosure Avoidance #2017-01
Michael H. Freiman

Abstract

The Census Bureau is mandated by law to collect data and publish statistical summaries. In so doing, the Bureau must ensure that the data are used solely for statistical purposes and that the privacy and confidentiality of responding individuals and organizations are not compromised by any publications. The law does not mandate how these two requirements are balanced when tradeoffs are necessary. Methods used by the Census Bureau to protect privacy and confidentiality are designed to guard against unauthorized identity, attribute, or inferential disclosure. Current disclosure avoidance methods used by the Bureau include suppression, aggregation/coarsening, perturbation by input or output noise, and the creation and release of synthetic data. However, each of these methods invariably involves a tradeoff between privacy loss and accuracy: the more accurate the data, the more privacy is lost. Legacy disclosure avoidance systems did not quantify either the privacy loss or the accuracy of the resulting data. The Census Bureau is now moving to a new generation of disclosure avoidance techniques based on formal privacy methods that quantify both of these measures and allow policymakers to specify the tradeoff between privacy and data accuracy. The changes in disclosure limitation methodology applied to Census Bureau data may result in a larger group of researchers who realize that the public versions of released data and statistics are not suitable for their research. As a result, it is possible that more researchers will request access to the Federal Statistical Research Data Centers in the future.
