Statistical Disclosure Control for Microdata: A Practice Guide for sdcMicro

This is documentation and guidance for using sdcMicro from command-line. sdcMicro is an R package, which provides tools for Statistical Disclosure Control (SDC) for microdata, also known as microdata anonymization. We refer to Statistical Disclosure Control for Microdata: A Theory Guide. for an introduction to SDC for microdata with a complete overview of the theory as well as examples from practice.

Authors of this guide: Thijs Benschop and Matthew Welch, The World Bank

Acknowledgments: The authors thank Olivier Dupriez and Cathrine Machingauta (The World Bank) for their technical comments and inputs throughout the process.

Preferred citation of this guide: Benschop, T. and Welch, M. (n.d.) Statistical Disclosure Control for Microdata: A Practice Guide. Retrieved (insert date), from https://sdcpractice.readthedocs.io/en/latest/

The production of this guide was made possible through a World Bank Knowledge for Change II Grant: KCP II - A microdata dissemination challenge: Balancing data protection and data utility. Grant number: TF 015043, Project Number P094376. As well as from United Kingdom - DFID funding to the World Bank Multi-Donor Trust Fund - International Household Survey and Accelerated Data Program – TF071804/TF011722/TF0A7461.

Table of Content

• Introduction
  • Building a knowledge base
  • Using this guide
  • Outline of this guide
• Glossary and list of acronyms
  • List of Acronyms
  • Glossary
• Statistical Disclosure Control (SDC): An Introduction
  • Need for SDC
  • The risk-utility trade-off in the SDC process
• Release Types
  • Conditions for PUFs
  • Conditions for SUFs
  • Conditions for microdata available in a controlled research data center
• Measuring Risk
  • Types of disclosure
  • Classification of variables
  • Disclosure scenarios
  • Levels of risk
  • Individual risk
  • Special Uniques Detection Algorithm (SUDA)
  • Risk measures for continuous variables
  • Global risk
  • Household risk
• Anonymization Methods
  • Classification of SDC methods
  • Non-perturbative methods
  • Perturbative methods
  • Anonymization of geospatial variables
  • Anonymization of the quasi-identifier household size
  • Special case: census data
• Measuring Utility and Information Loss
  • General utility measures for continuous and categorical variables
  • Utility measures based on the end user’s needs
  • Regression
  • Assessing data utility with the help of data visualizations (in R)
  • Choice of utility measure
• SDC with sdcMicro in R: Setting Up Your Data and more
  • Installing R, sdcMicro and other packages
  • Read functions in R
  • Missing values
  • Classes in R
  • Objects of class sdcMicroObj
  • Household structure
  • Randomizing order and numbering of individuals or households
  • Computation time
  • Common errors
• The SDC Process
  • Step 1: Need for confidentiality protection
  • Step 2: Data preparation and exploring data characteristics
  • Step 3: Type of release
  • Step 4: Intruder scenarios and choice of key variables
  • Step 5: Data key uses and selection of utility measures
  • Step 6: Assessing disclosure risk
  • Step 7: Assessing utility measures
  • Step 8: Choice and application of SDC methods
  • Step 9: Re-measure risk
  • Step 10: Re-measure utility
  • Step 11: Audit and Reporting
  • Step 12: Data release
• Appendices
  • Appendix A: Overview of Case Study Variables
  • Appendix B: Example of Blanket Agreement for SUF
  • Appendix C: Internal and External Reports for Case Studies
  • Case study 1 - Internal report
  • Case study 1 - External report
  • Case study 2 - Internal report
  • Case study 2- External report
  • Appendix D: Execution Times for Multiple Scenarios Tested using Selected Sample Data

Case studies

• Case Studies (Illustrating the SDC Process)
  • Case study 1- SUF
  • Case study 2 - PUF