Data Anonymization

Overview

• Hash Function Requirements
• Data Anonymization requirements
• Limitations
• Canadian data governance frameworks from information providers
  • Canada-wide
  • Provincial

Hash Function Requirements

1. The hashing function must handle variability in input data, such as common misspellings or variations in name recording, especially relevant in homelessness data collection.
2. It should produce unique IDs for each person, avoiding the situation where two different people result in the same computed ID.
3. The function must prevent the recovery of the initial value parameters, including protection from statistical attacks, potentially requiring the use of multiple keys.
4. The hashed ID should be computed at the source before transmission, meaning organizations cannot simply send data files but need to run a process first.
5. Address secure computation methods to ensure that the protection of pseudonymous data is upheld and no direct access to sensitive data is possible during analytical processes.
6. Manage the cryptographic keys under both basic and strong pseudonymization, including storage, handling, and potential destruction protocols to ensure irreversibility when required.
7. The data sent to DASH should be encrypted and transmitted using a secure protocol.
8. Data stored in the database should be encrypted.
9. The comparison between two IDs must be efficient enough for practical use.
10. The selected hash function is proposed to be NAME+LAST NAME+Month_Year of Birth.

Data Anonymization requirements

1. Use one-way hashing, format-preserving encryption, or privacy-preserving for linking cross-source data while going through an intermediate source anonymization.
2. Data minimization should be observed throughout to collect only relevant data that could be transformed.
3. Follow privacy laws such as PIPEDA, PHIPA, HIA, or any other local privacy laws that are applicable.
4. Carry out frequent risk assessment of re-identification capabilities and adapt methods and policies accordingly.
5. Provide a holistic approach to anonymization that informs the statistical estimators of identifiability and data transformations directly applied to data.
6. Transmission of secured data, for example, HTTPS, TSL or VPN protocols should be used for keeping the information integrity and confidentiality during data transit.
7. Use strong encryption standards such as AES, Triple DES, RSA to encrypt data stored in a database.
8. Keep detailed audit trails and carry out continuous monitoring to identify any unauthorized access or discrepancies in data management.
9. Ensure stringent access control, implement the principle of least privilege, and establish an adequate incident response for possible data breaches.
10. Use an appropriate risk-based anonymization procedure after conducting an analysis on the potential for identifiability estimates and driving the data transformations required for the access or publication of a data set below the identifiability threshold only for secondary purposes.
11. Data governance framework should establish the ethical use of data with societal perspective and data subject rights.
12. Follow the laws when conducting cross-border or cross-provinces transfers of data among the states.
13. Use homomorphic encryption-based secure computation techniques for analyses while maintaining privacy by leaving underlying source data undecrypted.
14. Delete fields or convert them into tokens, pseudonyms, or fake data. Unique fields can be eliminated using data transformations based on publicly known traits.
15. In the case of cryptographic keys, the storage and usage must comply with basic pseudonymization, while strong pseudonymization requires irreversible destruction of keys in a legal context involving secondary usage.
16. Set up the K-anonymity of the data that ensures that each individual is indistinguishable from at least k-1 other individuals in the dataset. This value will represent the smallest group size in which a data subject's information can be ‘hidden’ to preserve anonymity. a higher K-value is recommended to ensure robust privacy.
17. Follow all ethical and legal standards.

Limitations

1. Performance BI could be slow on the encrypted database.
2. If data is to be transferred across provincial or national borders, the system must ensure such transfers comply with all applicable laws and maintain the same level of protection as within Canada. 3. A lack of real-time data and the analysis of this data.
3. There is a likelihood of small errors and typos in the collected information, and the proposed hash function should be able to handle this.
4. If DASH operates across all the provinces, it needs to meet all of the provinces and territories' regulations provided above.
5. Right now we have fake data, so it is really difficult to train the model.
6. We need to fake cross-table constraints - DB forth, and synthetic data does not make sense.
7. People outside of the University of Ottawa do not have access.
8. Power BI cannot support bilingual reports at one time.
9. There is a possibility of missing information for the Hash function, e.g. not everyone can tell the month or year of birth, and the field can be blank.
10. PowerBI dashboard does not have the indicators (the targets against which metrics are assessed) for specific stakeholders.

Canadian data governance frameworks from information providers

Canada-wide

1. Personal Information Protection and Electronic Documents Act (PIPEDA) - is the federal privacy law for private-sector organizations. It sets out the ground rules for how businesses must handle personal information during their commercial activity. – will be changed to the Consumer Privacy Protection Act (CPPA)

2. DND/CAF Data Governance Framework - a structured approach designed to manage and utilize large amounts of data. It focuses on transitioning data access from a 'need to know' to a 'need to share' basis, emphasizing data integration, orchestration, and interoperability.  

3. Canadian Cybersecurity Framework: Developed by the Canadian Centre for Cyber Security, this framework provides standards and guidelines for organizations to follow in order to protect their systems and data from cyber threats.

4. The Canadian Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS 2): This is important for researchers handling personal data. It provides guidelines for the ethical conduct of research involving human participants, including data governance.

5. CANASA - is a national not-for-profit organization dedicated to advancing the security industry. [VK1] 

6. SCE – Communication Security Establishment

Provincial

1. Personal Health Information Protection Act:  

• Ontario: Personal Health Information Protection Act (PHIPA)
• British Columbia: Personal Information Protection Act (PIPA) for private sectors and the Freedom of Information and Protection of Privacy Act (FIPPA) for public sectors.
• Manitoba: The Personal Health Information Act (PHIA).
• Newfoundland and Labrador: The Personal Health Information Act (PHIA).

2. Health Information Act:

• Alberta: Health Information Act (HIA)
• Saskatchewan: The Health Information Protection Act (HIPA).
• Prince Edward Island: The Health Information Act (HIA).
• Northwest Territories: The Health Information Act (HIA).
• Nunavut: The Health Information Act
• New Brunswick: The Personal Health Information Privacy and Access Act (PHIPAA).
• Yukon: The Health Information Privacy and Management Act (HIPMA).

3. Quebec Act An Act Respecting the Protection of Personal Information in the Private Sector and the Health Information Act.