Making useful data safe

Our research helps protect the confidentiality of individual citizens in data and has been used by national statistical agencies, government departments, and private companies in the UK and internationally.

Organisations that share or disseminate personal information must ensure it remains anonymised and prevent statistical disclosure. Our research, consultancy and advisory work into data management and confidentiality practices are leading many organisations to adopt better anonymisation methods.

In the UK we have delivered consultancy for:

Our cutting edge research guided the specifications of the 2011 Census outputs for the UK’s Office for National Statistics.

 Internationally we have conducted consultancy on behalf of:

Key research applications

  1. Our work has contributed to the ‘open data’ agenda in several government departments as they develop methods to release anonymised data to researchers and to the public.
  2. Canadian firm Privacy Analytics used our methods in its risk assessment software, now used by 70 organisations.
  3. Establishment of the Data Environment Analysis Service (DEAS) to guide the specifications of the 2011 Census output for the UK’s Office for National Statistics.
  4. Development of the SUDA software package now licensed via University of Manchester Intellectual Property (UMIP), used by agencies across the world to carry out disclosure risk analyses.
  5. We lead the new UK Anonymisation Network (UKAN) which provides advisory services for data users and is developing the best practice guide to anonymisation.
  6. Our research has led to international recognition and use of the research outputs from theoretical ideas that challenge established practice to case studies and software. The research has helped to remodel the way that organisations carry out disclosure risk analysis.
  7. We have developed innovative statistical methods, and devised new approaches to the problem of data privacy and anonymisation working closely with practitioners to develop fit for purpose tools.
  8. Our research takes a novel stance. Instead of being data-centric (focusing on the statistical properties of the data to be disseminated) the risk analyses are intruder-centric (focusing on the means, motives and opportunities of individuals or organisations who might wish to attack the data). We combine social science with traditional statistical approaches.

The methods

  1. Attack Scenario Analysis where we formally specify the plausible ways in which privacy may be attacked.
  2. Data Environment Analysis – a framework on how to capture/measure the external factors related to the risk of confidentiality breaches.
  3. Data Intrusion Simulation – (DIS): where we simulate intruder behaviour in a statistical framework.
  4. Special Uniques Identification Method – (SUIM) where we identify records at particular risk of re-identification.
  5. We combined DIS and SUIM into a software package called SUDA which allows users to perform robust disclosure risk analyses and assess the data’s level of protection from an ‘attack’.

Key people

Person using laptop
Canadian firm 'Privacy Analytics' used our methods in its risk assessment software, now used by 70 organisations.