Mortalityrating and GDPR

Previously our mortalityrating.com service processed a simple file format that included postcode, gender and date of birth alongside pension amount and commencement date for individuals in an occupational pension scheme. This combination of attributes when taken together is often capable of identifying "natural persons" in the language of the upcoming EU General Data Protection Regulation (GDPR). Some might choose to mitigate risk by deleting scheme data as soon as ratings complete. However, an alternative approach would be to perform ratings without requiring a combination of attributes that may be personally identifiable. How could such a thing be acheved?

An important observation is that a postcode does not, in and of itself, contain any personal data about an individual, and various statistics about existing postcodes are freely available in the UK. We therefore created a facility whereby a list of postcodes could be uploaded without any context and turned into numeric proxy values. These proxy values can then be used in any future rating operations. Proxy values do not map one-to-one onto postcodes and, crucially, cannot be reversed back to the original postcode values.

If a personal data obfuscation process is reversible, then under GDPR that data is considered pseudonymised. GDPR encourages pseudonymisation, but although advantageous in many ways, such data still carries re-identification risk via the reversal process, and is thus still subject to the regulation. However, where the process is not reversible and carries no reasonable risk of re-identification, then the data have been anonymised and no longer count as personal data.

Combining the effect of postcode proxies with the fact that mid-month dates of birth have no appreciable impact on rating percentages, we can create rating files with no postcodes or real dates of birth and still achieve accurate results. An example of such depersonalised data is shown below:

Depersonalised rating data

Is there any downside? Apart from a small amount of additional preparation, not really. One consideration is that without embedded postcodes the rating report cannot contain a postal district heatmap. For that reason our latest release allows the creation of any number of such a heatmaps from standalone files of postal districts and individual or aggregate pension amounts. An example of one we baked earlier is shown below!

Standalone postal district heatmap

 

mortalityrating.com

mortalityrating.com helps people set mortality bases for portfolios of pensions in payment in the United Kingdom.  It is primarily intended for situations where there is insufficient experience data for the portfolio itself.  The most common application is for small- and medium-sized defined-benefit pension schemes 

Previous posts

Stopping the clock on the Poisson process

"The true nature of the Poisson distribution will become apparent only in connection with the theory of stochastic processes\(\ldots\)"

Feller (1950)

Tags: Filter information matrix by tag: Poisson distribution, Filter information matrix by tag: survival models

Thymus of the essence?

We've considered cancer and its relationship to aging on a number of previous occasions. Studies published in the British Journal of Cancer in 2011 and 2018 concluded that around 40% of cases are attributable to known modifiable lifestyle and environmental factors, which is a substantial minority.
Tags: Filter information matrix by tag: longevity, Filter information matrix by tag: research, Filter information matrix by tag: cancer, Filter information matrix by tag: immunotherapy, Filter information matrix by tag: immunosenescence

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.