What's private, and why do we care?

Data Privacy and Anonymization in Python

Rebeca Gonzalez

Data engineer

Facebook and Cambridge Analytica scandal

Impact of data privacy

Unauthorized access to 87 million people's personal information
Build psychological profiles of American voters
Persuade them during political campaigns

Mark Zuckerberg in court facing the consequences of not complying with data privacy rights

What's privacy?

People walking on the street

Information flow and privacy

Facial recognition system applied to the face of a woman in the street, at the same time a GPS icon is above her head

Information flow and privacy

How your personal information flows

"The ability to ensure flows of information that satisfy social and legal norms."

Facial recognition system applied to the face of a woman in the street, at the same time a GPS icon is above her head

Personally identifiable information (PII)

Data that, when used alone or with other relevant data, can identify someone.

Paper form with space for writing personal information details, and a pen

Sensitive PII

Clearly about someone
Exposure can lead to harm, embarrassment or inconvenience

Drawing of a man and popups around him with what it seems personal information

Sensitive PII

Full name
Social Security Number (SSN)
Financial information
Medical records

GDPR image showing the maximum penalties for those who don't comply with the regulations

Non-sensitive PII

Data that cannot be used alone to trace a person

Gender
Occupation
Zip code
City of birth

Non-sensitive PII

Data that cannot be used alone to trace a person, such as gender, occupation, zip code, or city of birth.

Gender
Occupation
Zip code
City of birth

Still can be used with other information to identify someone!

Text saying "Head of government in Europe" and a birth date, along with lines pointing to the face of Angela Merkel

¹ Photo of Angela Merkel from Wikimedia Commons.

GDPR: EU General Data Protection Regulation

Protects PII of people living, or whose data is processed, within Europe.

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation

Learn more here

GDPR image showing the maximum penalties for those who don't comply with the regulations

Data suppression

Removing selected information to protect the privacy of subjects.

Attribute suppression

Removing columns entirely

Cell/record suppression

Removing or replacing data in rows or cells

Attribute suppression on a dataset

# Attribute suppression on Sensitive PII "name"
suppressed_salaries = salaries.drop('name', axis="columns")


# Explore obtained dataset
suppressed_salaries.head()

     gender    status    salary     pay_basis    position_title
0    Male    Employee    64400.0    Per Annum    DEPUTY DIRECTOR
1    Male    Employee    43600.0    Per Annum    ASSOCIATE DIRECTOR
2    Male    Employee    120000.0   Per Annum    SPECIAL ASSISTANT TO THE PRESIDENT AND DEPUTY ...
3    Male    Employee    86200.0    Per Annum    LEAD ADVANCE REPRESENTATIVE
4    Male    Employee    106000.0   Per Annum    SPECIAL ASSISTANT TO THE PRESIDENT AND DIRECTO...

Record suppression on a dataset

# Explore the DataFrame
salaries.head()

      hours    performance    salary 
0     72       51             $80,500.00 
1     20       99             $2,805,000.00 
3     75       62             $75,800.00 
4     74       58             $60,000.00 
5     70       54             $79,000.00

Record suppression on a dataset

# Drop rows with salaries higher than 2,000,000
salaries = salaries.drop(salaries[salaries.Salary > 2000000].index)

# See reasulting DataFrame
salaries.head()

      hours    performance    salary 
0     72       51             80500 
2     75       62             75800 
3     74       58             60000 
4     70       54             79000 
5     68       53             62000

Suppression and linkage attacks

Image showing two tables: one in the left with resulting medical data after attribute suppression was applied and on the right voter registration data with some of the same data from the other table

Let's practice!

Data Privacy and Anonymization in Python

What's private, and why do we care?

Facebook and Cambridge Analytica scandal

Impact of data privacy

What's privacy?

Information flow and privacy

Information flow and privacy

Personally identifiable information (PII)

Sensitive PII

Sensitive PII

Non-sensitive PII

Non-sensitive PII

Still can be used with other information to identify someone!

GDPR: EU General Data Protection Regulation

Key principles of the GDPR

Data suppression

Attribute suppression

Cell/record suppression

Attribute suppression on a dataset

Record suppression on a dataset

Record suppression on a dataset

Suppression and linkage attacks

Let's practice!