Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
In this methodological paper, we introduce a novel approach to evaluate the risk of re-identification of individuals associated with data release strategies, including data redaction, data anonymization and data synthesis. More precisely, our approach simulates an attacker performing singling-out attacks as outlined in data protection regulations, and scores attacks based on the linkability of records and the information gain obtained by the attacker. Additionally, we further enhance our approach by simulating attacks as a cooperative game. In this game, the value of the attackers' information resources is determined using Shapley value borrowed from game theory. We also demonstrate the effectiveness of our approach using the Adult Income Census (AIC) dataset before discussing the economical implications associated with a privacy breach. Our work contributes to research and practice on the pressing need to better understand and evaluate the inherent trade-offs that exist between data privacy and utility in organizations.
Recommended Citation
Mesana, Patrick; Jutras, Pascal; Crowe, Julien; Vial, Gregory; and Caporossi, Gilles, "Evaluating the Risk of Re-Identification in Data Release Strategies: An Attacker-Centric Approach" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 4.
https://aisel.aisnet.org/hicss-57/da/data_science/4
Evaluating the Risk of Re-Identification in Data Release Strategies: An Attacker-Centric Approach
Hilton Hawaiian Village, Honolulu, Hawaii
In this methodological paper, we introduce a novel approach to evaluate the risk of re-identification of individuals associated with data release strategies, including data redaction, data anonymization and data synthesis. More precisely, our approach simulates an attacker performing singling-out attacks as outlined in data protection regulations, and scores attacks based on the linkability of records and the information gain obtained by the attacker. Additionally, we further enhance our approach by simulating attacks as a cooperative game. In this game, the value of the attackers' information resources is determined using Shapley value borrowed from game theory. We also demonstrate the effectiveness of our approach using the Adult Income Census (AIC) dataset before discussing the economical implications associated with a privacy breach. Our work contributes to research and practice on the pressing need to better understand and evaluate the inherent trade-offs that exist between data privacy and utility in organizations.
https://aisel.aisnet.org/hicss-57/da/data_science/4