Understanding Database Reconstruction Attacks on Public Data

In 2020 the U.S. Census Bureau will conduct the Constitutionally mandated decennial Census of Population and Housing. Because a census involves collecting large amounts of private data under the promise of confidentiality, traditionally statistics are published only at high levels of aggregation. Published statistical tables are vulnerable to DRAs (database reconstruction attacks), in which the underlying microdata is recovered merely by finding a set of microdata that is consistent with the published statistical tabulations. A DRA can be performed by using the tables to create a set of mathematical constraints and then solving the resulting set of simultaneous equations. This article shows how such an attack can be addressed by adding noise to the published tabulations, so that the reconstruction no longer results in the original data

A Short Review of Ethical Challenges in Clinical Natural Language Processing

Clinical NLP has an immense potential in contributing to how clinical practice will be revolutionized by the advent of large scale processing of clinical records. However, this potential has remained largely untapped due to slow progress primarily caused by strict data access policies for researchers. In this paper, we discuss the concern for privacy and the measures it entails. We also suggest sources of less sensitive data. Finally, we draw attention to biases that can compromise the validity of empirical research and lead to socially harmful applications.Comment: First Workshop on Ethics in Natural Language Processing (EACL'17

International access to restricted data: A principles-based standards approach

Cross-border access to restricted government microdata for research has made relatively little progress. Recent developments are notable as exceptions. This paper argues that the situation is made more complex by the lack of a common general frame of reference for comparing objectives and concerns; this reinforces the risk-aversion in government organisations. Attempts to develop general international data access strategies therefore collapse to sui generis bilateral agreements of limited strategic value. One way forward is to decouple implementation from strategic principles. A principles-based risk-assessment framework, using popular multiple-component data security models, allows decisions about access to focus on objectives; similarly, secure facilities could be developed to standards independent of dataset-specific negotiations. In an international context, proposals for classification systems are easier to agree than specific multilateral implementations. Moreover, a principles-based approach can be aligned with organisational goals, allowing countries to signal strategic intentions to others without the need for explicit commitment. The paper uses examples from the UK, US and cross-European projects to show how such principles-based standards have worked on a within-country basis and may help to resolve immediate practical issues. © 2013 - IOS Press and the authors. All rights reserved

Presentation: Data access in North America: Current state and future consequences

Presentation at the First DwB European Data Access Forum

Evaluation of the role of the Oasis Family Resilience Worker

Abstrac

Exploring Organizational Human Resource Information System Security

We explore HRIS security by presenting information security fundamentals and how they pertain to organizations. With increasing use of enterprise systems such as HRIS, security of such systems is an area that is worthy of concern. Even then, there is surprisingly little research in this area, albeit extensive work is present with regard to HRIS privacy. While focusing on HRIS security we introduce aspects of HRIS security and how it can be enhanced in organizations. Because of its complex, sensitive nature, we suggest that qualitative research is the optimal method of further investigating HRIS security. We also propose six research questions as part of deepening our understanding of HRIS research in the future

Information Security Risk Assessment: Towards a Business Practice Perspective

Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during risk identification. In the context of day-to-day activities, people copy, print and discuss information, leading to the ‘leakage’ of information assets. Employees will create and use unofficial assets as part of their day-to-day routines. Furthermore, employees will also possess important knowledge on how to perform their functions within a business process or information system. These are all elements of business ‘practice’, a perspective that would yield a richer and holistic understanding of an organisation’s information assets and vulnerabilities. This perspective is not captured by traditional ISRA methods, leading to an incomplete view of an organisation’s information systems and processes that could prove detrimental and damaging. This paper hence suggests that a business practice perspective be incorporated into ISRA methods in order to identify information leakage, unofficial, critical information assets and critical process knowledge of organisations