Protecting Statistical Databases Against Snoopers. Comparison of two methods. Disclosure vs. Anonymity. Information disclosure necessary for planning and numerical measurements Anonymity necessary for protection of the individual and the public’s trust in systems. Medical Data.
Comparison of two methods
Complete Identification Without Uniquely Identifying Information
If an individual’s answer to the query is the ith answer, the profile would be a string of k bits where the ith is a one and the others are zero
To sanitize, each bit is flipped with probability ½ + ε/2
All sanitized profiles resemble a random string of ones and zerosImplementing the Coin-flip Algorithm
Professor Nina Mishra, PhD