Established TRA guidelines, designed for confidential government contexts, do not always adapt easily to emerging contexts involving big data assets and data sharing. We suggest a new approach that integrates Canadian TRA guidelines with empirically-based privacy risk metrics to provide concrete guidance for sharing de-identified personal data assets.
For the full whitepaper on Big Data Threat Risk Assessment please email firstname.lastname@example.org.
Some time ago, we published an article titled, “Threat Risk Assessments and Big Data: Time for a New Approach?” in which we discussed the challenges of applying the Canadian government’s Threat and Risk Assessment (TRA) guidelines to big data assets, such as aggregated healthcare databases. The Canadian TRA guidelines, as outlined in the Canadian Information Security and Privacy Classification Policy (2005) and Harmonized Threat and Risk Assessment Methodology (2007), are clearly designed for political contexts where information is to be contained, rather than shared as in healthcare and academic research contexts. This leads to a couple of problems. First, big data assets containing personal information (e.g., healthcare records) tend to be classified as high risk, resulting in the requirement of costly safeguards. Second, TRA guidelines do not adequately address privacy as an issue distinct from security. For instance, they do not explicitly recognize that sharing personal information assets with a trusted third party can violate citizens’ privacy rights, even if the third party’s security safeguards are adequate.
Both of these problems can be addressed by de-identification. Removing identifying information (e.g., names, health card numbers, dates) from records allows organizations to minimize the privacy risk involved in data sharing. De-identification reduces the sensitivity of information, which would logically lessen the need for extensive security safeguards. However, Canada’s official risk classification guidelines do not explicitly consider de-identification as a factor in risk evaluation; only security safeguards are discussed as risk mitigation factors. An assessment methodology that evaluates de-identification and security safeguards as complementary strategies for reducing privacy risk could enable more accurate risk assessment and more effective investment in privacy-protecting technologies.