Beyond k-Anonymity: A Decision Theoretic Framework for Assessing Privacy Risk

  • Guy Lebanon
  • Monica Scannapieco
  • Mohamed R. Fouad
  • Elisa Bertino
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4302)


Abstract

An important issue any organization or individual has to face when managing data containing sensitive information is the risk incurred when releasing such data. Even though data may be sanitized before being released, it is still possible for an adversary to reconstruct the original data by using additional information that may be available from other data sources. To date, however, no comprehensive approach exists to quantify such risks. In this paper we develop a framework, based on statistical decision theory, to assess the relationship between the disclosed data and the resulting privacy risk. We relate our framework to the k-anonymity disclosure method; we make the assumptions behind k-anonymity explicit, quantify them, and extend them in several natural directions.
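The k-anonymity method that the paper analyzes requires that every record in a released table be indistinguishable from at least k−1 other records on its quasi-identifier attributes. As a minimal illustrative sketch (not taken from the paper; the table values and attribute names are invented), a check of this property can be written as:

```python
from collections import Counter

def is_k_anonymous(records, quasi_identifiers, k):
    """Return True if every combination of quasi-identifier values
    occurs in at least k records of the table."""
    counts = Counter(
        tuple(r[q] for q in quasi_identifiers) for r in records
    )
    return all(c >= k for c in counts.values())

# Toy sanitized table: ZIP codes and ages generalized into ranges.
records = [
    {"zip": "479**", "age": "20-30", "disease": "flu"},
    {"zip": "479**", "age": "20-30", "disease": "cold"},
    {"zip": "471**", "age": "30-40", "disease": "flu"},
    {"zip": "471**", "age": "30-40", "disease": "asthma"},
]

print(is_k_anonymous(records, ["zip", "age"], 2))  # True: each group has 2 rows
print(is_k_anonymous(records, ["zip", "age"], 3))  # False: no group has 3 rows
```

The paper's contribution is to go beyond this syntactic check: even a k-anonymous release can carry residual privacy risk once an adversary's side information is modeled, which the decision-theoretic framework quantifies.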


Keywords: Side Information, True Risk, Privacy Risk, Statistical Decision Theory, Dictionary Size





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Guy Lebanon (1)
  • Monica Scannapieco (2)
  • Mohamed R. Fouad (1)
  • Elisa Bertino (1)
  1. Purdue University, USA
  2. ISTAT and Università di Roma “La Sapienza”, Italy
