A trusted third party is an independent entity that has no stake in using either the source data or the resulting data, and that guarantees the confidentiality of directly identifying data (data which can be used to identify someone).
CASD was selected by Equipex (a French public research funding scheme). Six axes were submitted, including one on matching methodology and on the trusted third party role CASD could play. The international jury insisted on this aspect and deemed it the most crucial of all possible aspects.
To match data from different producers while ensuring confidentiality, a trusted third party is necessary.
Figure: Schema for a standard data matching operation on hashed identifying data
CASD aims to guarantee the data confidentiality demanded by producers and CNIL (the French authority on digital confidentiality) when matching data.
CASD’s main mission is to make confidential data available in a highly secure manner. Other CASD missions include data documentation, research support, training and data matching.
To make data available, CASD hosts its own servers, ensuring that data cannot be retrieved from this secure environment. Users must connect from a CASD-authorized IP address, and use both an SD-Box and a biometric card (both supplied by CASD).
CASD and the prerequisites defining a trusted third party
CASD is made up of 27 people organized in “business poles”:
- A Data Science and IT Infrastructure department for daily management, R&D in data science and IT security.
- A Statistics department specialized in collecting, formatting and documenting data, and in ensuring that the French statistical secrecy rules are respected (output checking).
- A Project Management Service responsible for all organizational and administrative issues.
All processing operations linked to data matching are done in the highly secure IT infrastructure, to which even CASD staff must securely connect through a secure SD-Box.
CASD staff are not researchers and have no vested interest in the data, its stakes, or research results.
All CNIL prerequisites to qualify as a trusted third party are met: independence, no conflict of interest, etc.
For any extra information regarding trusted third party operations: email@example.com