Abstract
An important issue any organization or individual has to face when managing data containing sensitive information, is the risk that can be incurred when releasing such data. Even though data may be sanitized, before being released, it is still possible for an adversary to reconstruct the original data by using additional information that may be available, for example, from other data sources. To date, however, no comprehensive approach exists to quantify such risks. In this paper we develop a framework, based on statistical decision theory, to assess the relationship between the disclosed data and the resulting privacy risk. We relate our framework with the k-anonymity disclosure method; we make the assumptions behind k-anonymity explicit, quantify them, and extend them in several natural directions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, P., Thomas, D., Zhu, A.: Anonymizing Tables. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, Springer, Heidelberg (2004)
Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: The sulq framework. In: Proc. of PODS 2005 (2005)
Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Proc. of PODS 2003 (2003)
Duncan, G.T., Keller-McNulty, S.A., Stokes, L.S.: Disclosure Risk vs. Data Utility: The R-U Confidentiality Map. Technical Report 121, National Institute of Statistical Sciences (NISS) (December 2001)
Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. In: Proc. of PODS 2003 (2003)
Guidelines for Providing Appropriate Access to Geospatial Data in Response to Security Concerns. Federal geographic data committee (2005), http://fgdc.er.usgs.gov/fgdc/homeland/access_guidelines.pdf
Jaro, M.A.: UNIMATCH: A record linkage system, user’s manual. In: Washington DC: U.S. Bureau of the Census (1978)
Lakshmanan, L.V.S., Ng, R.T., Ramesh, G.: To do or not to do: the dilemma of disclosing anonymized data. In: Proc. of SIGMOD 2005 (2005)
Samarati, P., Sweeney, L.: Generalizing data to provide anonymity when disclosing information (abstract). In: Proc. of PODS 1998 (1998)
Wald, A.: Statistical Decision Functions. Wiley, Chichester (1950)
Zhong, S., Yang, Z., Wright, R.N.: Privacy-enhancing k-anonymization of customer data. In: Proc. of PODS 2005 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lebanon, G., Scannapieco, M., Fouad, M.R., Bertino, E. (2006). Beyond k-Anonymity: A Decision Theoretic Framework for Assessing Privacy Risk. In: Domingo-Ferrer, J., Franconi, L. (eds) Privacy in Statistical Databases. PSD 2006. Lecture Notes in Computer Science, vol 4302. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11930242_19
Download citation
DOI: https://doi.org/10.1007/11930242_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49330-3
Online ISBN: 978-3-540-49332-7
eBook Packages: Computer ScienceComputer Science (R0)