Article

Privacy and confidentiality management for the microaggregation disclosure control method: disclosure risk and information loss measures

Authors:

Traian Marius Truta,

Farshad Fotouhi,

Daniel Barth-JonesAuthors Info & Claims

WPES '03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society

Pages 21 - 30

https://doi.org/10.1145/1005140.1005144

Published: 30 October 2003 Publication History

Abstract

In this paper, we first introduce minimal, maximal and weighted disclosure risk measures for microaggregation disclosure control method. Our disclosure risk measures are more applicable to real-life situations, compute the overall disclosure risk, and are not linked to a target individual. After defining those disclosure risk measures, we then introduce an information loss measure for microaggregation. The minimal disclosure risk measure represents the percentage of records, which can be correctly identified by an intruder based on prior knowledge of key attribute values. The maximal disclosure risk measure considers the risk associated with probabilistic record linkage for records that are not unique in the masked microdata. The weighted disclosure risk measure allows the data owner to compute the risk of disclosure based on weights associated with different clusters of records. Information loss measure, introduced in this paper, extends the existing measure proposed by Domingo-Ferrer, and captures the loss of information at record level as well as from the statistical integrity point of view. Using simulated medical data in our experiments, we show that the proposed disclosure risk and information loss measures perform as expected in real-life situations.

References

[1]

Adam N. R., Wortmann J. C. (1989), Security Control Methods for Statistical Databases: A Comparative Study, ACM Computing Surveys, Vol. 21, No. 4.

Digital Library

[2]

Ash R. B. (1965), Information Theory. Wiley-Interscience, New York (republished in 1990 by Dover, Mineola, NY).

[3]

Bethlehem J. G., Keller W. J., Pannekoek J. (1990), Disclosure Control of Microdata, Journal of the American Statistical Association, Vol. 85, Issue 409, 38--45.

[4]

Chen, G., Keller-McNulty, S., (1998), Estimation of Deidentification Disclosure Risk in Microdata, Journal of Official Statistics, Vol. 14, No. 1, 79--95.

[5]

Dalenius T., Reiss S. P. (1982), Data-Swapping: A Technique for Disclosure Control, Journal of Statistical Planning and Inference 6, 73--85.

[6]

Domingo-Ferrer J., Mateo-Sanz J. (2002), Practical Data-Oriented Microaggregation for Statistical Disclosure Control, IEEE Transactions on Knowledge and data Engineering, Vol. 14, No. 1, 189--201.

Digital Library

[7]

Domingo-Ferrer, J., Mateo-Sanz, J., Torra, V. (2001), Comparing SDC Methods for Microdata on the Basis of Information Loss and Disclosure Risk, Pre-proceedings of ETK-NTTS'2001 (vol. 2), Luxembourg: Eurostat, 807--826.

[8]

Elliot, M. J. (2000), DIS: a New Approach to the Measurement of Statistical Disclosure Risk, International Journal of Risk management, 39--48.

[9]

Fellegi, I. P., (1972), On the Question of Statistical Confidentiality, Journal of the American Statistical Association, Volume 67, Issue 337, 7--18.

[10]

Fienberg, S. E.; Markov, U. E. (1998), Confidentiality, uniqueness, and disclosure limitation for categorical data, Journal of Official Statistics, 385--397.

[11]

Greenberg, B.; Zayatz, L. (1992), Strategies for Measuring Risk in Public Use Microdata Files, Statistica Neerlandica, 33--48.

[12]

Kim J. J. (1986), A Method for Limiting Disclosure in Microdata Based on Random Noise and Transformation. American Statistical Association, Proceedings of the Section on Survey Research Methods, 303--308.

[13]

Kooiman, P.; Willemborg, L.; Gouweleeuw, J. (1997), PRAM: A Method for Disclosure Limitation for Microdata, Report, Department of Statistical Methods, Statistical Netherlands, Voorburg.

[14]

Lambert D. (1993), Measures of Disclosure Risk and Harm. Journal of Official Statistics, Vol. 9, 313--331.

[15]

Little, R. J. A. (1993), Statistical Analysis of Masked Data, Journal of Official Statistics, Vol. 9, 407--426.

[16]

McGuckin R. H., Nguyen S. V. (1990), Public Use Microdata: Disclosure and Usefulness. Journal of Economic and Social Measurement, Vol. 16, 19--39.

[17]

Muralidhar K., Sarathy R. (1999), Security of Random Data Perturbation Methods, ACM Transactions on Database Systems, Vol. 24, No. 4, 487--493.

Digital Library

[18]

Samarati, P. (2001), Protecting Respondents Identities in Microdata Release, IEEE Transactions on Knowledge and Data Engineering, Vol. 13, No. 6, 1010--1027.

Digital Library

[19]

Skinner, C. J.; Marsh, C.; Openshaw, S.; Wymer, C. (1994), Disclosure control for census microdata, Journal of Official Statistics, 31--51.

[20]

Takemura, A., (1999), Local Recoding by Maximum Weight Matching for Disclosure Control of Microdata Sets, ITME Discussion Paper No.11.

[21]

Tendick P., Matloff, N. (1994), A Modified Random Perturbation Method for Database Security. ACM Transactions on Database Systems, Volume 19, Number 1.

Digital Library

[22]

Truta, M., Fotouhi, F., Barth-Jones, D. (2003), Disclosure Risk Measures for Microdata, SSDBM 2003, to appear.

Digital Library

[23]

Willemborg L., Waal T. (ed) (2001), Elements of Statistical Disclosure Control. Springer Verlag.

[24]

Zayatz, L. V. (1991), Estimation of the Number of Unique Population Elements Using a Sample, Proc. Survey Research Methods Section, American Statistical Association, 369--373.

Cited By

Poltavtsev AKhabarov ASelyankin A(2022)Comparative Analysis of Methods for Protection against Logical InferenceAutomatic Control and Computer Sciences10.3103/S014641162108026555:8(984-990)Online publication date: 1-Mar-2022
https://doi.org/10.3103/S0146411621080265
Khokhar RFung BIqbal FAlhadidi DBentahar J(2016)Privacy-preserving data mashup model for trading person-specific informationElectronic Commerce Research and Applications10.1016/j.elerap.2016.02.00417:C(19-37)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1016/j.elerap.2016.02.004
Wang DLiau CHsu T(2007)Granulation as a privacy protection mechanismTransactions on rough sets VII10.5555/1772666.1772683(256-273)Online publication date: 1-Jan-2007
https://dl.acm.org/doi/10.5555/1772666.1772683
Show More Cited By

Index Terms

Privacy and confidentiality management for the microaggregation disclosure control method: disclosure risk and information loss measures
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Assessing global disclosure risk in masked microdata
WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society

In this paper, we introduce a general framework for microdata and three disclosure risk measures (minimal, maximal and weighted). We classify the attributes from a given microdata in two different ways: based on their potential identification utility ...
Disclosure risk measures for the sampling disclosure control method
SAC '04: Proceedings of the 2004 ACM symposium on Applied computing

In this paper, we introduce three microdata disclosure risk measures (minimal, maximal and weighted) for sampling disclosure control method. The minimal disclosure risk measure represents the percentage of records that can be correctly identified by an ...
On the disclosure risk of multivariate microaggregation

The aim of data protection methods is to protect a microdata file both minimizing the disclosure risk and preserving the data utility. Microaggregation is one of the most popular such methods among statistical agencies. Record linkage is the standard ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society

October 2003

135 pages

ISBN:1581137761

DOI:10.1145/1005140

General Chair:
Sushil Jajodia
George Mason University
,
Program Chairs:
Pierangela Samarati
University of Milan, Italy
,
Paul Syverson
Naval Research Lab

Copyright © 2003 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS03

Sponsor:

SIGSAC

CCS03: Tenth ACM Conference on Computer and Communications Security 2003

30 10 2003

Washington, DC

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
519
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Poltavtsev AKhabarov ASelyankin A(2022)Comparative Analysis of Methods for Protection against Logical InferenceAutomatic Control and Computer Sciences10.3103/S014641162108026555:8(984-990)Online publication date: 1-Mar-2022
https://doi.org/10.3103/S0146411621080265
Khokhar RFung BIqbal FAlhadidi DBentahar J(2016)Privacy-preserving data mashup model for trading person-specific informationElectronic Commerce Research and Applications10.1016/j.elerap.2016.02.00417:C(19-37)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1016/j.elerap.2016.02.004
Wang DLiau CHsu T(2007)Granulation as a privacy protection mechanismTransactions on rough sets VII10.5555/1772666.1772683(256-273)Online publication date: 1-Jan-2007
https://dl.acm.org/doi/10.5555/1772666.1772683
Truta TCampan ACho YWainwright RHaddad HShin SKoo Y(2007)K-anonymization incremental maintenance and optimization techniquesProceedings of the 2007 ACM symposium on Applied computing10.1145/1244002.1244093(380-387)Online publication date: 11-Mar-2007
https://dl.acm.org/doi/10.1145/1244002.1244093
Wang DLiau CHsu T(2007)An epistemic framework for privacy protection in database linkingData & Knowledge Engineering10.1016/j.datak.2006.05.00461:1(176-205)Online publication date: 1-Apr-2007
https://dl.acm.org/doi/10.1016/j.datak.2006.05.004
Wang DLiau CHsu T(2007)Granulation as a Privacy Protection MechanismTransactions on Rough Sets VII10.1007/978-3-540-71663-1_16(256-273)Online publication date: 2007
https://doi.org/10.1007/978-3-540-71663-1_16

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten