JSM 2011 – Statistical Disclosure Control via Suppression: Some thoughts
I attended a session at JSM (in Miami. In August….) where the big topic was statistical disclosure control (SDC) via suppression in linked tables. As far as I can tell suppression is the most popular and widely used method of SDC for tables, but it seems that the application of this procedure is extremely ad hoc. Data disseminating organizations all have different rules for when they feel that a cell count or total is too small to be released, but it seems that this is all done by educated guessing as to what cell values are unsafe. I wonder if there are any formal guarantees that can be provided to individuals or organizations whose data is being disseminated in tables and protected via suppression? Certainly tables with sensitive values cannot simply be released to the public and something needs to be done to address the problem. Cell suppression is something and it certainly offers something in the way of protection (what is that something?). But I don’t know that cell suppression is more about an appearance of privacy (which is still very important), rather than actually providing privacy.
Of course, I’d love someone to respond to me and tell me that I am dead wrong and put my mind at ease.