risks and mitigations of releasing data
-
Upload
sara-jayne-terp -
Category
Data & Analytics
-
view
172 -
download
2
Transcript of risks and mitigations of releasing data
![Page 1: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/1.jpg)
Risks and mitigations of releasing dataRisk analysis and complexity in de-
identifying and releasing data.
Sara-Jayne Terp
RDF Discussion
![Page 2: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/2.jpg)
First, Do No Harm
“If you make a dataset public, you have a responsibility, to the best of your knowledge, skills, and advice, to do no harm to the people connected to that dataset. You balance making data available to people who can do good with it and protecting the data subjects, sources, and managers.”
2
![Page 3: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/3.jpg)
What is risk?What is the risk here?
3
![Page 4: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/4.jpg)
RISK
“The probability of something happening multiplied by the resulting cost or benefit if it does” (Oxford English Dictionary)Three parts:•Cost/benefit•Probability•Subject (to what/whom)
4
![Page 5: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/5.jpg)
Subjects: Physical
5
“Witnesses told us that a helicopter had been circling around the area for hours by the time the bakery opened in the afternoon. It had, perhaps, 200 people lined up to get bread. Suddenly, the helicopter dropped a bomb that hit a building on the opposite side [of the street] from the bakery, spraying shrapnel and debris over the breadline”
- FirstMileGeo report on Aleppo
![Page 6: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/6.jpg)
Subjects: Reputational
6
![Page 7: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/7.jpg)
Subjects: Physical
7
![Page 8: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/8.jpg)
Collectors: Physical
8
![Page 9: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/9.jpg)
Processors: Legal
9
![Page 10: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/10.jpg)
Risk OF What?
• Physical harm• Legal harm (e.g. jail, IP disputes)• Reputational harm• Privacy breach
10
![Page 11: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/11.jpg)
Risk to Whom?
• Data subjects (elections example)• Data collectors (conflict example)• Data processing team (military equipment
example)• Person releasing the data (corruption example)• Person using the data
11
![Page 12: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/12.jpg)
Likelihood of Risk
LowMediumHigh
12
![Page 13: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/13.jpg)
piIHow I handle it
13
![Page 14: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/14.jpg)
PII
“Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.”
14
![Page 15: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/15.jpg)
Learn to spot Red Flags
• Names, addresses, phone numbers• Locations: lat/long, GIS traces, locality (e.g. home
+ work as an identifier)• Members of small populations• Untranslated text• Codes (e.g. “41”)• Slang terms• Can be combined with other datasets to produce
PII15
![Page 16: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/16.jpg)
Consider Partial Release
Release to only some groups• Academics• People in your organisation• Data subjects
Release at lower granularity• Town/district level, not street• Subset or sample of data ‘rows’• Subset of data ‘columns’
16
![Page 17: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/17.jpg)
Include locals
Locals can spot:•Local languages•Local slang•Innocent-looking phrases
Locals might also choose the risk
17
![Page 18: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/18.jpg)
Consider Interactions Between Datasets
18
![Page 19: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/19.jpg)
Learn From Experts
Over to you…
19
![Page 20: risks and mitigations of releasing data](https://reader035.fdocuments.us/reader035/viewer/2022062900/58d0ad281a28ab1d3a8b4697/html5/thumbnails/20.jpg)
THANK YOUFor questions or suggestions:
Responsible Data Forum