In recent years, the level of detail in confidential data made available to social scientists has increased dramatically. Much of this has been due to the growth in secure data access facilities, which allow access to the most detailed data under strictly controlled conditions.
One element of that control is checking to ensure that statistical outputs do not present any residual disclosure risk. Traditionally this has been managed by specifying rules for researchers to follow, but it is increasingly recognised that a ‘principles-based’ approach can be both more secure and more cost-effective.
The principles-based approach requires a higher level of expertise from the facility managers, and places the subjective assessment of risk at the forefront of decision-making; these two factors often make facility managers uncomfortable. In addition, knowledge of this approach is concentrated amongst a relatively small community, whereas the rules-based model has been the dominant approach for half a century; facility managers may not be aware that there is an alternative perspective.
This paper reviews the arguments for the two different approaches. The two are not mutually exclusive: both take simple rules as a starting point, but the rules-based approach also finishes there. This has advantages in some circumstances, but this paper demonstrates that the value of the principles-based approach increases with the sensitivity of the data and gives more freedom to the researchers to innovate.
The paper considers how the two approaches can be implemented. It notes that, although the principles-based model requires greater initial investment by both the facility managers and researchers, the necessary training can bring substantial auxiliary benefits to the facility manager. The paper therefore concludes that a principles-based approach has advantages in many circumstances, and it is essential for the remote research data centres which dominate access solutions for the most sensitive data.
Ritchie, F., & Elliot, M. (2015). Principles- versus rules-based output statistical disclosure control in remote access environments. IASSIST quarterly / International Association for Social Science Information Service and Technology, 2015(Summer), 5-13