Protecting Statistical Databases Against Snoopers. Comparison of two methods. Disclosure vs. Anonymity. Information disclosure necessary for planning and numerical measurements Anonymity necessary for protection of the individual and the public’s trust in systems. Medical Data.
Protecting Statistical Databases Against Snoopers
Comparison of two methods
Complete Identification Without Uniquely Identifying Information
How much could changing one row change an answer?
The sensitivity of a series of queries is the sum of the sensitivities of the queries
Each of the k possible answers to a query are ordered and numbered
If an individual’s answer to the query is the ith answer, the profile would be a string of k bits where the ith is a one and the others are zero
To sanitize, each bit is flipped with probability ½ + ε/2
All sanitized profiles resemble a random string of ones and zeros
Professor Alf Weaver, PhD
Professor Nina Mishra, PhD