This article will provide a high level overview of Senate Matching. For more detailed information, please review the other articles in this collection or download the Senate Matching Whitepaper.
Data Republic's Senate Matching service employs a 'Private by Design' approach by separating the anonymised data and systems handling PII. The security of Data Republic’s Senate platform is second-to-none with full encryption of data, network segregation, and continuous hardening principles applied when developing the platform.
What is Senate Matching?
Senate Matching is Data Republic’s service for privacy preserving record linkage (PPRL). Using this service, Data Custodians generate randomized tokens to replace Personally Identifiable Information (PII) in data uploaded to Senate. This ensures that data in Senate is not directly tied to an individual’s identity.
Using Senate Matching, organisations can de-identify data, while still preserving the capability to match records between de-identified records. Matching of datasets with tokens only occurs through authorized match requests approved by Data Custodians.
Senate Matching features three types of virtual machines in it's architecture:
Tokenization, hashing, slicing and distribution of PII
The Contributor Node is the technical component of the Senate Matching service which generates tokens and hashes and slices PII.
There are two contributor nodes for each match; one your organisation and one for the organisation you intend to match with. Both data custodians install a contributor node in their organisation’s environment. This ensures that PII never leaves the organisation. The Data Custodians upload data sets into the Contributor node. All PI is hashed prior to being sent to the node (and is also encrypted in transit via SSL when being sent to the node). The node assigns a randomised token for each customer record, and returns the token back to the contributor. The PII is cleansed, salted and hashed into parts which are distributed amongst the Matcher Nodes.
Find out more about Contributor Nodes
Decentralized storage of hashed and sliced PII fragments
The Matcher Node is the technical component in the Data Republic Matching network that stores hashed splices of PII during the tokenization process. This means that no one Matcher Node can contain an entire hashed field value for PII. Even if a matcher node is compromised, only a fragment of a hash could be extracted, significantly reducing the risk of exposure. When a request for matching is made, the Matcher Node compares hash splits for each token and returns Token pairs to an Aggregator Node.
Find out more about Matcher Nodes
Executes match requests and filters results from Matcher Nodes
As soon as a match request is authorised in Senate, an Aggregator Node communicates with the Matcher Node to generate lists of token pairs that may match.
Finally, the aggregator node filters out false positives and provides a final match table to Senate. Senate loads a masked version of the token pair table into a Discovery Workspace for analysis.
Find out more about Aggregator Nodes
Managing matching projects on Senate
A data Match using Senate Matching Technology can be requested via an approved data license in Senate.
For more information on how to create a license please see Creating and Approving a Data License.