I am frequently approached for advice on matters to do with privacy, anonymisation and data protection. I operate 1 hour clinic system to process these and am now selective about the cases I take on in order to control volume. I have driven forward my primary research area as joint research and impact area. The portfolio of work has developed through the interlacing of research grants from research councils and research contracts with ONS and consultancy with other agencies. The work for ONS has been a key part of their review of the data dissemination practice and has led to new standards being adopted. As ONS say in a testimonial letter:
“work carried out by Dr Elliot continues to have an impact on the way we conduct our assessment of risk at ONS [and] ONS occasionally use the Skinner and Elliot (2002) metric to assess microdata releases which come to us for approval via our Microdata Release Panel and in particular a significant contribution consistently used is Dr Elliot’s concept of special uniqueness involving the identification of uniques that stand out regardless of geography. Many of his research ideas have been fundamental in informing GSS Disclosure Control Policy for Social Survey Microdata”.
Demonstrating the practical application of the theoretical work conducted in my academic work on SDC is another important benefit of these contracts. It is important to note that this work often sits across the boundary of consultancy and research with innovation being required to deliver the consultancy. In all, I have authored/co-authored twenty one reports to organisations on various aspects of the disclosure risk profile of their datasets/dissemination policy (see Other Publications: Research Equivalent above for more details). For example in a testimonial letter Telefonica says that my report ‘A Disclosure Risk Audit of the Smart Steps Data Service’:
“has been crucial in understanding any potential risks to the reputation of Telefonica in launching such a product. For example, the risks of providing information at multiple units of geography and highlighting the need to suppress small counts in remote areas to ensure individuals can't be identified through reverse engineering”.
Selected examples (since 2014): ♦ Chief Scientific Adviser for National Security: Advice on applications of anonymisation to national security ♦ Cathartic (web service): Advice on anonymous communications ♦ European Medical Association: Advice on their new anonymisation policy ♦ NHS Digital: Advice on their new anonymisation policy ♦ European Commission Directorate General for Communications Networks, Content & Technology: Setting up a EU equivalent to UKAN ♦ HSISC: Their New Anonymisation policy ♦ Transport for London: linkage of oyster card data with mobile phone data ♦ Electricity NW: Anonymisation and reuse of smart meter data ♦ Department for Communities and local government: open data version of the food and consumption survey ♦ Living Stream: DP compliance of data they collecting for their transport management service ♦ Department for Communities and local government: Publication of energy performance data ♦ Oxfam GB: Their open data/ data sharing policy ♦ Care and Social Services Inspectorate Wales: Service care user data and transparency ♦ General Medical Council: Publication of data on doctors registrations and career progressions ♦ Bank of England: Data flows from UK banks to BOE for auditing of loan risk exposure ♦ NHS England Commissioning Unit: Advice on data transfers within and outside of NHS ♦ Yorkshire Building Society: re-use of customer data for research ♦ Danish Business Authority: Discussion of Privacy models for data sharing ♦ Telefonica: The design of internal firewall system in their data science unit ♦ Inria/CNIL, Paris: Setting up an Anonymisation Network in France ♦ NHS Litigation Authority: The relationship between data protection and anonymisation, FOI and data services ♦ DECC: Advice on a penetration study on housing data ♦ BIS: Making FE enrolment data open data ♦ The Royal Academy of Engineering: Anonymisation and Tracking of Diversity Data ♦ General Medical Council: The data protection issues arising from the legal requirement to make reports on abuse cases openly available