Risks Associated with Transactional Data

Recently, as the importance of analytics and business intelligence has grown, so has the demand within an organization for the transactional data underlying it. To make matters worse, more companies will be asked by government agencies and third parties for access to transactional data and summarized forms of it. With this growing demand comes increased risk that transactional data will be compromised, possibily harming a company's brand.

Privacy preserving data processing is an emerging discipline whose goal is to monitor, summarize, analyze, and mine transactional and related data in as a secure and privacy preserving fashion as possible. As a simple example, with secure data processing transactional personally identifiable data is masked prior to its analysis and mining. In addition, attributes may be encrypted or changed in some way so that even if the data is exposed, the harm is minimal. For example, one technique is to add small amounts of noise to various fields with the property that essentially the same analytic model is produced but even if the data is exposed no data about individuals and their transactions is compromised.

Although privacy preserving data processing is not a mature field, some of the techniques and best practices, if employed today, could significantly reduce the risk faced by companies with sensitive transactional data.

In addition, secure data processing and privacy preserving data could be used today to guide policies and procedures used by a company related to the use of transactional data for analytics, for query and reporting, for quality control, and related purposes.

Privacy Preserving Data Processing

A variety of techniques and approaches are used in privacy preserving data processing.

• For some types of operational and analytical uses, personally identifying information (PII) can be masked, encrypted, or transformed in some other way so that the associated business process are not impacted but any PII that is removed.
• More specifically, for many purposes, customer IDs could be replace by surrogate identifiers. When required for special purposes, the surrogate identifiers could be used to retrieve the customer numbers.
• Transactional data can be processed to produce certain statistical counts and summaries, which mask individual data, but still provide enough statistical information so that powerful analytic models can be built. These statistical counts can be shared safely, even with third parties. This approach has long be used by the US Census. For example, data summarized in this form could be used by outside parties to build certain analytic models without exposing individual transactional level data.
• It is possible to encrypt statistical and data mining models, and yet still use them for scoring. This makes their distribution to third parties a possibility. The Data Mining Group, which is a vendor led consortium developing standards in data mining and business intelligence, designed the Predictive Model Markup Language or PMML standard partly with these types of applications in mind. Scoring using a secure or privacy preserving description of the model is sometimes called Secure PMML.
• Summaries and statistical models can be built from segregated databases by using multi-party crytographic protocols. This is possible, even if the data is distributed. This type of technology is less mature than the other technologies mentioned above.
• A related technique is to modify attributes which are the inputs to models in such a way that powerful analytic models can still be built, but no raw information about the original transactions is exposed. In certain cases, this can be done by adding a random offset to the values or by adding small amounts of noise.

For More Information

For more information, please contact Open Data Partners www.opendatagroup.com.

About the Author

Robert Grossman is the President of Open Data Partners, which provides consulting services, outsourced data services, and litigation support services related to data. He is also the Director of the Laboratory for Advanced Computing at the University of Illinos at Chicago, which develops internet-based technologies. He has written over 100 papers and edited four books in data mining, business intelligence, direct marketing, e-business, high performance computing, and related areas. He has a Ph.D. from Princeton and a A.B. from Harvard.

Copyright

This article is copyrighted by Robert L. Grossman, 2003.