Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2019 May 23;4(1):1094.
doi: 10.23889/ijpds.v4i1.1094.

Privacy preserving linkage using multiple match-keys

S M Randall  1 A P Brown  1 A M Ferrante  1 J H Boyd  1
Affiliations

Privacy preserving linkage using multiple match-keys

S M Randall et al. Int J Popul Data Sci. .

Abstract

Introduction: Available and practical methods for privacy preserving linkage have shortcomings: methods utilising anonymous linkage codes provide limited accuracy while methods based on Bloom filters have proven vulnerable to frequency-based attacks.

Objectives: In this paper, we present and evaluate a novel protocol that aims to meld both the accuracy of the Bloom filter method with the privacy achievable through the anonymous linkage code methodology.

Methods: The protocol involves creating multiple match-keys for each record, with the composition of each match-key depending on attributes of the underlying datasets being compared. The protocol was evaluated through de-duplication of four administrative datasets and two synthetic datasets; the 'answers' outlining which records belonged to the same individual were known for each dataset. The results were compared against results achieved with un-encoded linkage and other privacy preserving techniques on the same datasets.

Results: The multiple match-key protocol presented here achieved high quality across all datasets, performing better than record-level Bloom filters and the SLK, but worse than field-level Bloom filters.

Conclusion: The presented method provides high linkage quality while avoiding the frequency based attacks that have been demonstrated against the Bloom filter approach. The method appears promising for real world use.

PubMed Disclaimer

Conflict of interest statement

Statement on conflicts of interest: The authors declare they have no conflict of interest.

Figures

Figure 1: Privacy preserving linkage using an independent third party
Figure 1: Privacy preserving linkage using an independent third party
See this image and copyright information in PMC

References

    1. Vatsalan D, Christen P, Verykios VS. A taxonomy of privacy-preserving record linkage techniques. Information Systems. 2013;38(6):946-69, 10.1016/j.is.2012.11.005 - DOI
    1. Culnane C, Rubinstein BI, Teague V. Options for encoding names for data linking at the Australian Bureau of Statistics. arXiv preprint arXiv:180207975. 2018
    1. Office for National Statistics. Beyond 2011: Matching Anonymous Data. 2013 Available from: https://www.ons.gov.uk/ons/about-ons/who-ons-are/programmes-and-projects....
    1. Karmel R. Data linkage protocols using a statistical linkage key Canberra: Australian Institute of Health and Welfare; 2005.
    1. Schnell R, Richter A, Borgs C, editors. A Comparison of Statistical Linkage Keys with Bloom Filter-based Encryptions for Privacy-preserving Record Linkage using Real-world Mammography Data. Proceedings of the 10th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2017); 2017, 10.5220/0006140302760283 - DOI

LinkOut - more resources