Source Data Perturbation and consistent sets of safe tables
Statistics and Computing
Privacy, accuracy, and consistency too: a holistic solution to contingency table release
Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Statistical confidentiality: Optimization techniques to protect tables
Computers and Operations Research
Micro-aggregation-based heuristics for p-sensitive k-anonymity: one step beyond
PAIS '08 Proceedings of the 2008 international workshop on Privacy and anonymity in information society
A heuristic block coordinate descent approach for controlled tabular adjustment
Computers and Operations Research
PSD'12 Proceedings of the 2012 international conference on Privacy in Statistical Databases
Confidentialising maps of mixed point and diffuse spatial data
PSD'12 Proceedings of the 2012 international conference on Privacy in Statistical Databases
Hi-index | 0.00 |
In statistical disclosure control of tabular data, sensitivity rules are commonly used to decide whether a table cell is sensitive and should therefore not be published. The most popular sensitivity rules are the dominance rule, the p%-rule and the pq-rule. The dominance rule has received critiques based on specific numerical examples and is being gradually abandoned by leading statistical agencies. In this paper, we construct general counterexamples which show that none of the above rules does adequately reflect disclosure risk if cell contributors or coalitions of them behave as intruders: in that case, releasing a cell declared non-sensitive can imply higher disclosure risk than releasing a cell declared sensitive. As possible solutions, we propose an alternative sensitivity rule based on the concentration of relative contributions. More generally, we suggest to complement a priori risk assessment based on sensitivity rules with a posteriori risk assessment which takes into account tables after they have been protected.