Carterwood

Assuring data privacy in care home analytics

Carterwood is a consultancy that specialises in providing high-quality market data for the elderly care home sector.

Alongside their advisory services, they have a digital platform that gives subscribers instant access to data for every elderly care market in Great Britain. Recently, the company developed a new module for their analytics platform, providing operators with key indicators to inform their strategic business decisions.  

The Challenge

Like many analytics companies, Carterwood must strike a careful balance between data utility and individual privacy for their digital platform. They need to share enough meaningful information to be worthwhile for their customers, while ensuring they do not compromise the privacy of the individual sources that contributed the sensitive data.  

Providing market-leading data enables Carterwood’s clients to make key strategic decisions. This data must be flexible to provide the custom insights customers need whilst maintaining confidentiality and anonymity for specific care home groups. To ensure that data could not be reverse engineered to garner any commercially sensitive information, Carterwood asked Smith Institute to carry out an independent evaluation of the module to assess areas to tighten data protection and evaluate the associated risk. 

The Solutions

We initially adopted a user-centric approach, engaging with the software as a platform subscriber might. The objective was to reverse engineer sensitive information about data contributors including providers and individual care homes. Our assessment comprised of the following key stages: 

  • Identifying adversarial strategies and techniques that a malicious user could apply to reverse engineer sensitive information from the module.  
  • Evaluating the risk of each of our identified adversarial methods, based on the ease of application alongside the quantity and quality of sensitive information that could be compromised. 
  • Proposing further data anonymisation methods to mitigate against the adversarial strategies we identified, including proactive, forward-thinking approaches that could be used to future proof the module as contributing data increases and more features become available. 
  • Validating mitigation measures that had already been implemented or were proposed for implementation by Carterwood. 

The Result

By applying our analytical expertise and extensive experience in software verification, Smith Institute helped Carterwood to identify edge-case strategies a user could carry out to extract sensitive information from their analytics platform. In addition, Smith Institute advised Carterwood on practical countermeasures that could be put in place to alleviate these risks, exploiting modern mathematical techniques in data fuzzing and the use of robust statistics.  

As a result of our independent evaluation, Carterwood implemented new mitigating measures to further enhance the security of their platform while maintaining its usability. This provides Carterwood clients and contributors with continued assurance on the robustness and utility of the platform and, in turn, helps them make solid decisions on how to expand and improve elderly care home services around the country.  

Sample Pull Out Text Goes Here With Large Stat Graphic Opposit
CUSTOMER TESTIMONIALS
A brilliant project to be involved in, which is showcasing not only the power of AI, but also the benefits of making the actions it suggests explainable to build trust in the results and develop confidence in using them.
Dan Hibbs
Senior Business Intelligence Manager
INSIGHTS & CASE STUDIES

Real-world results, delivered

Explore more of our work to see how we tackle complex challenges and accelerate innovation.

Keep up to date with our work

Get summaries of our latest projects delivered straight to your inbox

Office Address:
Willow Court, West Way, Minns
Business Park. Oxford OX2 0JB
+44 (0) 1865 244011
hello@smithinst.co.uk

© Smith Institute 2024. All rights reserved. Website by Studio Global

Smith Institute Ltd is a company limited by guarantee registered in England & Wales number 03341743 with registered address at 1 Minster Court, Tuscam Way, Camberley, GU15 3YY