Читать книгу Administrative Records for Survey Methodology - Группа авторов - Страница 54

The goal of this chapter has been to illustrate how confidentiality protection methods can be and have been applied to linked administrative data. Our examples provide a guide to best-practices for data custodians endeavoring to walk the fine line between making data accessible and protecting individual privacy and confidentiality. Our examples also illustrate different paradigms of protection ranging from the more traditional approach of physical security to more modern formal privacy systems and the provision of synthetic data.

In concluding, we note that from a theoretical perspective, there does not appear to be a clear distinction between the threats to confidentiality in linked data relative to unlinked data, or in survey data relative to administrative data. Richly detailed data pose disclosure risks, irrespective of whether that richness is inherent in the data design, or comes from linkages of variables from multiple sources. Likewise, there are no special methods to protect confidentiality in linked versus unlinked data. Any data with a network, relational, panel or hierarchical structure poses special challenges to data providers to protect confidentiality while preserving analytical validity. Our example of the QWI shows one way this challenge has been successfully managed in a linked data setting, but the same tools could be effective in application to the QCEW, which uses the same frame, but does not involve worker-firm linkages.

However, from a legal perspective, linking two datasets can change the nature of confidentiality protection in a more practical manner. Any output must conform to the strongest privacy protections required across each of the linked datasets. For example, when the LEHD program links SSA data on individuals to IRS data on firms, any downstream research must comply with the confidentiality demands of all three agencies. Likewise, the data must conform to the U.S. Census Bureau publication thresholds for data involving individuals and firms. Hence, linking data can produce a maze of confidentiality requirements that are difficult to articulate, comply with, and monitor. Harmonizing or standardizing such requirements and practices across data providers, both public and private, and across jurisdictions would be helpful. Privacy and confidentiality issues also invite updated and continuing research on the demand for privacy from citizens and businesses, as well as the social benefit that arises from the dissemination of data.