Estimation of Treatment Effects from Combined Data: Identification versus Data Security

The security of sensitive individual data is a subject of indisputable importance. One of the major threats to sensitive data arises when one can link sensitive information and publicly available data. In this paper the authors demonstrate that even if the sensitive data are never publicly released, the point estimates from the empirical model estimated from the combined public and sensitive data may lead to a disclosure of individual information. Their theory builds on the work in Komarova, Nekipelov and Yakovlev (2011) where they analyze the individual disclosure that arises from the releases of marginal empirical distributions of individual data. The disclosure threat in that case is posed by the possibility of a linkage between the released marginal distributions. In this chapter, they analyze a different type of disclosure. Namely, they use the notion of the risk of statistical partial disclosure to measure the threat from the inference on sensitive individual attributes from the released empirical model that uses the data combined from the public and private sources. As the main example the authors consider a treatment effect model in which the treatment status of an individual constitutes sensitive information.