Beyond k-Anonymity A Decision Theoretic Framework for Assessing Privacy Risk


An important issue any organization or individual has to face when managing data containing sensitive information, is the risk that can be incurred when releasing such data. Even though data may be sanitized, before being released, it is still possible for an adversary to reconstruct the original data by using additional information that may be available, for example, from other data sources. To date, however, no comprehensive approach exists to quantify such risks. In this paper we develop a framework, based on statistical decision theory, to assess the relationship between the disclosed data and the resulting privacy risk. We relate our framework with the k-anonymity disclosure method; we make the assumptions behind k-anonymity explicit, quantify them, and extend them in several natural directions.


sensitive information, sanitized, data sources, privacy, security, k-anonymity

Date of this Version



Privacy in Statistical Databases Lecture Notes in Computer Science, 2006, Volume 4302/2006