Minimizing Disclosure Risk in HHS Open Data Initiatives. 1. Potential Intruders


Potential intruders—those who might attempt to re-identify entities in the data and use the information in some way—encompass a wide range of possible users. Among these the greatest threat is posed by those with exceptional computer skills or with access to information on a large number of identified individuals or with exceptionally detailed information on a particular individual. These attributes afford them an advantage in circumventing the protections that have been applied to the data that the government releases to the public. Hackers have demonstrated their ability to defeat high-level security measures, and they pose a constant threat, but attention must also be focused on individuals in organizations that collect and maintain extensive personal information for business purposes—such as credit bureaus. The challenge presented by those with access to proprietary databases is significant. First, the records in these databases are identified. Second, the records include basic demographic information that is repeated in many public databases of individuals. Third, because the data are proprietary, they are not readily available to government researchers to use in testing the adequacy of the protections applied to the data the government releases. Fourth, linking to information in the government databases could provide important enhancements to the propriety data, providing a significant incentive for individuals and organizations to attempt to link their records to the government data.

Family members of respondents or subjects in administrative datasets are also potential intruders. This is particularly true for data sources that contain sensitive information that other family members know was collected. For example, the National Survey on Drug Use and Health (NSDUH), which is conducted by the Substance Abuse and Mental Health Services Administration (SAMHSA), collects information from teenage children through a questionnaire administered privately to the respondents. Parents will know that their children were respondents but are not privy to the information that their children provide. Before releasing data from the survey, SAMHSA contracted with RTI International to develop a disclosure limitation methodology that would be capable of addressing the exceptional challenges presented by the NSDUH data (National Research Council 2005).4 Another example of potential intruders from the family is former spouses, who may be in a position to realize a financial benefit by gaining knowledge of the finances of their ex-partners following the divorce and may have access to extensive financial and other information prior to the divorce.

4 The MASSC methodology (Singh et al. 2003) developed for this purpose is discussed in Chapter III.

View full report


"rpt_Disclosure.pdf" (pdf, 1.01Mb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®