Fear about exposure of personally identifiable information was less rampant in 2001. Information systems had fewer individual student records, Internet access to them was less ubiquitous, and user skills to re-identify individuals were less universal. The rapid expansion of state-level unit-record reporting systems and longitudinal data systems inspired by the No Child Left Behind Act had not yet begun.
So when we dreamed up the Salsa Scale (aka Salsa Granularity Scale, Exhibit A), the idea was to encourage database developers to include more individual student details. Granularity was a desirable attribute. Protecting the confidentiality of those granules was a future, yet to be ubiquitous dilemma.
Now it’s time to enhance the Salsa Scale to encompass personally identifiable information (PII). Amazingly, the Scale works for PII. As granularity is introduced into databases, de-identification hides PII. As granularity becomes less, individual identities may still be deciphered by knowledgeable persons, so masking techniques are applied to reduce the exposure of an individual’s identity.
Ultimately, the name, Salsa Scale, which worked so visually for granularity, lost some of its charm for PII. So, we now have the PII Chart, of course. There are still the familiar five levels. They still correspond to five degrees of granularity. However, the new name relates in a more modern way to refer to today’s topic of interest—protecting personally identifiable information.
Follow & respond to #ESPTwiminar12.1 #SalsaandPII How to capture the essence of #confidentiality https://t.co/LOCmvLnE0H.
— ESP Solutions Group (@espsg) January 9, 2017
#ESPTwiminar12.2 Get paper https://t.co/Kw0otH1k7w with all #SalsaandPII insights from ESP with examples and full PII Chart. #PII
— ESP Solutions Group (@espsg) January 9, 2017
#ESPTwiminar12.3 #SalsaandPII Original Salsa Scale defined granularity as crucial for databases in 2001. Now protecting #PII is ubiquitous.
— ESP Solutions Group (@espsg) January 9, 2017
#ESPTwiminar12.4 #SalsaandPII New #PII Chart defines 5 methods/levels of storing or reporting individuals’ data.
— ESP Solutions Group (@espsg) January 9, 2017
#ESPTwiminar12.5 #SalsaandPII #PII Chart Level 1: Personally Identifiable Records = 0% confidentiality like baseball box score.
— ESP Solutions Group (@espsg) January 11, 2017
#ESPTwiminar12.6 #SalsaandPII #PII Chart Level 2: #DeIdentified = 0%-100% confidential depending on method. Longitudinal records iffier.
— ESP Solutions Group (@espsg) January 11, 2017
#ESPTwiminar12.7 #SalsaandPII #PII Chart Level 3: Unmasked Aggregation = 0%-100% confidential depending on knowledge of viewer.
— ESP Solutions Group (@espsg) January 11, 2017
#ESPTwiminar12.8 #SalsaandPII #PII Chart Level 4: Masked Aggregation = 0%-100% confidential depending on knowledge of viewer.
— ESP Solutions Group (@espsg) January 11, 2017
#ESPTwiminar12.9 #SalsaandPII #PII Chart Level 5: Massive Aggregation = 100% confidential. #personallyidentifiableinformation
— ESP Solutions Group (@espsg) January 12, 2017
#ESPTwiminar12.10 #SalsaandPII #PII Why Personally Identifiable? Should be “Publicly Identifiable.” We can personally ID our own info.
— ESP Solutions Group (@espsg) January 12, 2017
#ESPTwiminar12.11 Get paper https://t.co/UfS040ll9m with all #SalsaandPII #PII insights from ESP, with examples and full PII Chart.
— ESP Solutions Group (@espsg) January 17, 2017
#ESPTwiminar12.12 Claim your badge, https://t.co/jFOY9ne21K, and access the complete white paper, https://t.co/D9zOxvacfh, on #SalsaandPII.
— ESP Solutions Group (@espsg) January 17, 2017