Confidentiality When Using Spatial Data

Lesson 5 Confidentiality
MEASURE Evaluation
PHFI Training of Trainers
May 2011
Objective
• Discuss issues of confidentiality and spatial tools
• Present strategies for protecting confidentiality
Confidentiality
• Protecting identity of individuals
• Requirement
• Informed consent agreements
• Ethical research
Overt disclosure
The act of explicitly making data available that breaches confidentiality commitments.
Deductive Disclosure
45 year old female
Has 5 children
28.67171, 77.21211
Works for General Electric in Delhi
Spatial Data
• Overt disclosure
• Makes deductive disclosure easier
Geoprivacy
“[an] individual’s right to prevent disclosure of the location of one’s home, workplace, daily activities or trips.”
Protection of geoprivacy and accuracy of Spatial Information: How Effective are Geographical Masks?
Kwan, Casas, Schmitz. Cartographica, Vol 39, #2
Four Principles
• Protection of Confidentiality
• Social-Spatial Linkage
• Data Sharing
• Data Preservation
Confidentiality and spatially explicit data: Concerns and challenges
VanWey, Rindfuss, Gutmann, Entwisle, Balk. PNAS, vol. 102, no. 43
1. Protection of Confidentiality
• Fundamental to ethical research
• Information that might lead to physical, emotional, financial or other harm
• Protection of information that discloses identity
2. Social-Spatial Linkage
• All human activity takes place on earth
• Understanding that adds context and perspective
• Key to advancement of science
• Essential for understanding the diffusion of behaviors
3. Data Sharing
• Essential on both scientific and financial grounds
• Provide access to data for other researchers
• Condition of funders
4. Data Preservation
• Data available in the future
• How long should data be deemed “sensitive”?
• When, if ever, can it be released?
Strategies
Random Perturbations
• Random shifting of point locations
• Pros: Easy (relatively) to do
• Cons: Loses original location, introduces error
Affine Transformation
• Change scale
• Rotate
• Shift a set distance
• Combination
• Pros: Easy to do
• Cons: Easy to undo, can impact some types of analysis
Aggregate
• Point locations are aggregated to higher unit of analysis
• Pros: Easy to do
• Cons: Requires sufficient data points; finer data variations will be lost
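An added example (not part of the original slides) of the Random Perturbations and Aggregate strategies, showing the error the first introduces and the "sufficient data points" requirement of the second as small-cell suppression. The sample points, the 200 to 1000 m shift range, the 0.01 degree grid cell and the threshold k = 3 are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

M_PER_DEG = 111_320.0  # approximate metres per degree of latitude

# Constructed sample points (lat, lon) in Delhi; not real survey data.
POINTS = [(28.6717, 77.2121), (28.6722, 77.2135), (28.6741, 77.2150),
          (28.6709, 77.2188), (28.6830, 77.2240), (28.6851, 77.2262),
          (28.6955, 77.2011)]

def perturb(point, min_m, max_m, rng):
    """Random perturbation: move a point min_m..max_m metres on a random bearing."""
    lat, lon = point
    bearing = rng.uniform(0.0, 2.0 * math.pi)
    dist = rng.uniform(min_m, max_m)
    dlat = dist * math.cos(bearing) / M_PER_DEG
    dlon = dist * math.sin(bearing) / (M_PER_DEG * math.cos(math.radians(lat)))
    return lat + dlat, lon + dlon

def displacement_m(orig, masked):
    """Error introduced by masking: approximate ground distance in metres."""
    dy = (masked[0] - orig[0]) * M_PER_DEG
    dx = (masked[1] - orig[1]) * M_PER_DEG * math.cos(math.radians(orig[0]))
    return math.hypot(dx, dy)

def aggregate(points, cell_deg, k):
    """Aggregation: release per-cell counts, suppressing cells with fewer than k points."""
    counts = Counter((math.floor(lat / cell_deg), math.floor(lon / cell_deg))
                     for lat, lon in points)
    released = {cell: n for cell, n in counts.items() if n >= k}
    suppressed = sum(n for n in counts.values() if n < k)
    return released, suppressed

if __name__ == "__main__":
    rng = random.Random(2011)  # fixed seed only so the demo is repeatable
    masked = [perturb(p, 200.0, 1000.0, rng) for p in POINTS]
    errors = [displacement_m(p, m) for p, m in zip(POINTS, masked)]
    print("mean displacement (m):", round(sum(errors) / len(errors), 1))
    print("released cells, suppressed points:", aggregate(POINTS, 0.01, 3))
```

For a real release, draw the shifts from `random.SystemRandom()` and do not keep the seed or the offsets alongside the published file.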
Despatialize
• Remove Coordinate System
• Use Euclidean space
• Pros: Simple, keeps relative position and placement
• Cons: Loses contextual data
Nothing
• Do not collect or release data
• Cold room or on-site analysis only
• Pros: Maintains all of the original spatial data
• Cons: Complicated, limits data sharing, limits social-spatial link
[Figure: Spatial Integrity (Maximum to Minimum) against Disclosure Risk (Maximum to Minimum)]
“Ignoring is unacceptable”
• Can get lost in the excitement about GIS
• Those who collect data must think about the confidentiality issues
• Data users must also think about how their analysis may increase the risk of deductive disclosure.
Key points
• Confidentiality issues arise when spatial context is included in data.
• It’s important to protect confidentiality. People have an expectation that their identities are protected.
• There are strategies that can preserve confidentiality, but there is no “one-size-fits-all” solution.