Chapter 3. A Practical Risk-Management Framework
While technology is an important enabler of data anonymization, technology is not the end of the story. Building an effective anonymization pipeline at an enterprise level is as much about governance as it is about technology, as we aim to deliver trust to stakeholders.1 Accounting for risk in as an anonymization technology is critical to achieving the right level of anonymization and resulting data utility, which influences the analytic outcomes.
To maximize outcomes, an organization must have efficient methods of measuring, monitoring, and assuring the controls associated with each disclosure context. More broadly, organizations should establish a framework to manage identifiability holistically while enabling a wide range of data uses.
If you only apply technology to anonymize data, you miss out on a vital area of the overall strategy—the people and decisions behind the solution, and the processes and procedures that instill consistency. Without these elements, you miss the tenets of governance—accountability, transparency, and applicability. And you end up with less useful data.
The techniques used to achieve anonymization cannot be separated from the context in which data is shared: the exact data you’re working with, the people you’re sharing it with, and the goals of subsequent analysis. This is called risk-based anonymization. A framework has emerged from statistical data sharing by government agencies that is predominantly ...
Get Building an Anonymization Pipeline now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.