Stata The Stata listserver
[Date Prev][Date Next][Thread Prev][Thread Next][Date index][Thread index]

RE: st: Encrypting and decrypting a field

From   "Nick Cox" <>
To   <>
Subject   RE: st: Encrypting and decrypting a field
Date   Fri, 1 Apr 2005 11:21:38 +0100

Here is what may be a very naive answer. 

I wouldn't want people to give me data that 
were sensitive if they didn't trust me, or 
the security of the systems I work on. And 
I certainly can't vouch that the latter are 

Why isn't the onus on the data supplier to 
do the encrypting themselves? 


Joseph Coveney
> wrote:
> I will be receiving data files that include as the primary ID a social
> security number (SSN). Yes, using SSNs as IDs is a worrisome 
> practice, but
> the agency we are dealing with is not going to change this 
> policy, at least
> in the near term.
> I am obligated to protect the privacy of this information, 
> and if the data
> production were a one-time event, I could use some variant of 
> a uniformly
> distributed random number to generate an alternative ID and keep the
> cross-walk between the SSN and the uniform random number locked in a
> separate location. However, there will be ongoing updates 
> that will require
> match merges based on the SSN, along with the addition of new 
> cases to the
> population.
> Has anyone on the list developed code for 
> encrypting/decrypting a field
> that they could send me? I know that there is C++ code in the 
> free Cryptlib
> toolkit but I would prefer not to have to plunge into this unless it's
> really necessary.
> --------------------------------------------------------------
> --------------
> Did you ever receive a response to this?
> I can't answer about encrypting variables, but I would be 
> interested in
> knowing how others in the Stata user community are 
> approaching this, how
> they are adapting the ways in which they use Stata to meet 
> the demands of
> their institutions' data-protection or privacy-protection policies.
> For example, if it is used as a client application with a 
> database residing
> on a server elsewhere on campus, I assume that there wouldn't be any
> unexpected glitch using Stata with the various protocols for 
> tunneling ODBC
> traffic.  And I assume that policy would require users to be 
> trained in
> proper procedure, but are institutions requiring Stata be 
> "qualified" in
> some respect before allowing its use on privacy-protected data?

*   For searches and help try:

© Copyright 1996–2015 StataCorp LP   |   Terms of use   |   Privacy   |   Contact us   |   What's new   |   Site index