Towards a Principled Framework for Disclosure Avoidance

Written by:
Working Paper Number: CED-WP-2024-005

Abstract

Responsible disclosure limitation is an iterative exercise in risk assessment and mitigation. From time to time, as disclosure risks grow and evolve and as data users’ needs change, agencies must consider redesigning the disclosure avoidance system(s) they use. Discussions about candidate systems, however, often conflate inherent features of those systems with implementation decisions that are independent of the systems themselves. For example, a disclosure avoidance system’s ability to calibrate the strength of protection to suit the underlying sensitivity or disclosure risk of the data (e.g., by varying cell suppression thresholds) is a worthwhile feature of that system regardless of the independent decision about how much protection is actually necessary. Having a principled discussion and assessment of candidate disclosure avoidance systems, therefore, requires a framework for distinguishing and evaluating these inherent features of the systems from the implementation decisions that need to be made independent of the system selected. In the context of statistical agencies, this framework must also reflect the applied nature of these systems within the operational realities and production cycles of the organization. As such, the framework should acknowledge that candidate systems need to be adaptable to requirements stemming from the legal, policy, scientific, resource, and stakeholder environments within which they would be operating. This paper proposes such a framework of principles for evaluating the strengths and limitations of different applied disclosure avoidance systems, distinguishing those principles from the implementation questions that often complicate these types of discussions. Additionally, it is important to acknowledge that no approach to disclosure avoidance will be perfectly adaptable to every potential system requirement. 
Because the selection of some methodologies over others may constrain the resulting systems' efficiency and flexibility to adapt to particular statistical product specifications, unique data user needs, or specific disclosure risks, agency decision makers may approach these choices in a somewhat iterative fashion, adapting system design requirements, data product specifications, and implementation parameters as necessary to ensure the resulting quality of the statistical product.

Page Last Revised - January 23, 2025