Many statistical agencies face the challenge of maintaining the confidentiality of respondents while providing as much analytical value as possible from their data. Datasets relating to businesses present particular difficulties because they are likely to contain information about large enterprises that dominate industries and may be more easily identified. Agencies therefore tend to take a cautious approach to releasing business data (e.g., trusted access, remote access and synthetic data). The Australian Bureau of Statistics has developed a remote server, called TableBuilder, which has the capability to allow users to specify and request tables created from business microdata. The tables are confidentialised automatically by perturbing cell values, and the results are returned quickly to the users. The perturbation method is designed to protect against attacks, which are attempts to undo the confidentialisation, such as the well-known differencing attack. This paper considers the risk and utility trade-off when releasing three Australian Bureau of Statistics business collections via its TableBuilder product.
Chipperfield, J.O. 2014. “Disclosure-Protected Inference with Linked Micro-data using a Remote Analysis Server.” Journal of Official Statistics 30: 123–146. Doi: http://dx.doi.org/10.2478/jos-2014-0007.
Chipperfield, J.O. and C. O’Keefe. 2014. “Disclosure-Protected Inference using Generalised Linear Models.” International Statistical Review 82: 371–391. Doi: https://doi.org/10.1111/insr.12054.
Chipperfield, J.O., D. Gow, and B. Loong. 2016. “The Australian Bureau of Statistics and releasing frequency tables via a remote server.” Statistical Journal of the IAOS 1: 53–64. Doi: https://doi.org/10.3233/SJI-160969.
Domingo-Ferrer, J. and V. Torra. 2001. “Disclosure Protection Methods and Information Loss for Microdata.” In Confidentiality, Disclosure and Data Access: Theory and Practical Applications for Statistical Agencies, edited by P. Doyle, J.I. Lane, J.J.M. Theeuwes, and L. Zayatz, 91–110. Amsterdam: North-Holland.
Dwork, C., F. McSherry, K. Nissim, and A. Smith. 2006. “Calibrating Noise to Sensitivity in Private Data Analysis.” In Theory of Cryptography TCC, edited by S. Halevi and R. Rabin, 265–284. Heidelberg: Springer.
Lucero, J., L. Zayatz, L. Singh, J. You, M. DePersio, and M. Freiman. 2011. “The Current Stage of the Microdata Analysis System at the U.S. Census Bureau.” Proceedings of the World Congress of the International Statistical Institute, 3115–3133. Dublin. Available at: http://2011.isiproceedings.org/papers/650103.pdf (accessed January 2019).
O’Keefe, C. and J. Chipperfield. 2013. “A Summary of Attack Methods and Confidentiality Protection Measures for Fully Automated Remote Analysis Systems.” International Statistical Review 81: 426–455. Doi: https://doi.org/10.1111/insr.12021.
Reuter, W.H. and J.M. Museux. 2010. “Establishing an Infrastructure for Remote Access to Microdata at Eurostat.” In Privacy in Statistical Databases, edited by J. Domingo-Ferrer and E. Magkos, 249–257. Berlin, Heidelberg: Springer.
Yancey, W.E., W.E. Winkler, and R.H. Creecy. 2002. “Disclosure Risk Assessment in Perturbative Micro-data Protection.” In Inference Control in Statistical Databases, edited by J. Domingo-Ferrer, 135–151. New York: Springer.