#ESPTwiminar12–Salsa & PII

Fear about exposure of personally identifiable information was less rampant in 2001.  Information systems had fewer individual student records, Internet access to them was less ubiquitous, and user skills to re-identify individuals were less universal.  The rapid expansion of state-level unit-record reporting systems and longitudinal data systems inspired by the No Child Left Behind Act had not yet begun.

So when we dreamed up the Salsa Scale (aka Salsa Granularity Scale, Exhibit A), the idea was to encourage database developers to include more individual student details.  Granularity was a desirable attribute.  Protecting the confidentiality of those granules was a future, yet to be ubiquitous dilemma.

Now it’s time to enhance the Salsa Scale to encompass personally identifiable information (PII).  Amazingly, the Scale works for PII.  As granularity is introduced into databases, de-identification hides PII.  As granularity becomes less, individual identities may still be deciphered by knowledgeable persons, so masking techniques are applied to reduce the exposure of an individual’s identity.

Ultimately, the name, Salsa Scale, which worked so visually for granularity, lost some of its charm for PII.  So, we now have the PII Chart, of course.  There are still the familiar five levels.  They still correspond to five degrees of granularity.  However, the new name relates in a more modern way to refer to today’s topic of interest—protecting personally identifiable information.