transparency and disclosure risk in data privacy
play

Transparency and disclosure risk in data privacy c Torra 1 Vicen - PowerPoint PPT Presentation

Sep 20, 2023 •425 likes •1.35k views

PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle:

  1. PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen¸ March, 2015 1 School of Informatics, University of Sk¨ ovde, Sweden

  2. Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle: publication of data processing methods a good practice on data privacy similar to the one in cryptography Risk needs to consider the transparency principle Vicen¸ c Torra; Transparency data privacy PAIS 2015 1 / 61

  3. Outline Outline 1. Introduction • Masking methods • Disclosure risk assessment 2. Transparency • Definition • Attacking Rank Swapping • Attacking Microaggregation 3. Worst-case scenario when measuring disclosure risk 4. Summary PAIS 2015 2 / 61

  4. Introduction > Masking methods Outline Introduction Masking methods PAIS 2015 3 / 61

  5. Introduction > Masking methods Outline Masking methods Masking methods. • Perturbative • Non-perturbative • Synthetic data generators Review • Microaggregation • Rank swapping Vicen¸ c Torra; Transparency data privacy PAIS 2015 4 / 61

  6. Introduction > Masking methods Outline Rank Swapping Rank swapping • For ordinal/numerical attributes • Applied attribute-wise Data : ( a 1 , . . . , a n ) : original data; p : percentage of records Order ( a 1 , . . . , a n ) in increasing order (i.e., a i ≤ a i +1 ) ; Mark a i as unswapped for all i ; for i = 1 to n do if a i is unswapped then Select ℓ randomly and uniformly chosen from the limited range [ i + 1 , min( n, i + p ∗ | X | / 100)] ; Swap a i with a ℓ ; Undo the sorting step ; Vicen¸ c Torra; Transparency data privacy PAIS 2015 5 / 61

  7. Introduction > Masking methods Outline Rank Swapping Rank swapping. • Marginal distributions not modified. • Correlations between the attributes are modified • Good trade-off between information loss and disclosure risk Vicen¸ c Torra; Transparency data privacy PAIS 2015 6 / 61

  8. Introduction > Microaggregation Outline Microaggregation Microaggregation. • Case of two attributes microaggregated together Vicen¸ c Torra; Transparency data privacy PAIS 2015 7 / 61

  9. Introduction > Microaggregation Outline Microaggregation Microaggregation. Application. • k : number of records in the cluster • Partition of the attributes v ′ v ′ v ′ v ′ v 1 v 2 v 3 v 4 1 2 3 4 1 1 1 1 1.66667 2 1.33333 1.66667 2 2 1 2 1.66667 2 1.33333 1.66667 2 3 1 6 1.66667 2 2.33333 5.66667 2 9 1 10 3 7.33333 1.66667 9.66667 3 6 2 2 3 7.33333 1.33333 1.66667 4 1 2 9 4.33333 5 1.66667 9.66667 4 6 2 10 4.33333 5 1.66667 9.66667 4 7 3 2 3 7.33333 2.33333 5.66667 5 8 3 9 4.33333 5 2.33333 5.66667 6 8 4 7 7.66667 8.66667 6 5 8 1 7 2 8.66667 2.66667 6 5 8 9 7 6 7.66667 8.66667 6 5 9 3 8 1 8.66667 2.66667 8.66667 1.33333 9 4 8 2 8.66667 2.66667 8.66667 1.33333 9 9 10 1 7.66667 8.66667 8.66667 1.33333 Vicen¸ c Torra; Transparency data privacy PAIS 2015 8 / 61

  10. Introduction > Disclosure risk Outline Introduction Disclosure risk assesment Vicen¸ c Torra; Transparency data privacy PAIS 2015 9 / 61

  11. Introduction > Disclosure risk Outline Disclosure risk assesment Disclosure risk. • Identity disclosure vs. Attribute disclosure ◦ Attribute disclosure: ⋆ Increase knowledge about an attribute of an individual ◦ Identity disclosure: ⋆ Find/identify an individual in a masked file Vicen¸ c Torra; Transparency data privacy PAIS 2015 10 / 61

  12. Introduction > Disclosure risk Outline Disclosure risk assesment Disclosure risk. • Identity disclosure vs. Attribute disclosure • Boolean vs. quantitative measures Vicen¸ c Torra; Transparency data privacy PAIS 2015 11 / 61

  13. Introduction > Disclosure risk Outline Disclosure risk assesment Disclosure risk. • Identity disclosure vs. Attribute disclosure • Boolean vs. quantitative measures (minimize information loss vs. multiobjetive optimization) Vicen¸ c Torra; Transparency data privacy PAIS 2015 11 / 61

  14. Introduction > Disclosure risk Outline Disclosure risk assesment Disclosure risk. • Identity disclosure vs. Attribute disclosure • Boolean vs. quantitative measures (minimize information loss vs. multiobjetive optimization) Examples. • Boolean definitions of risk ◦ k-Anonymity (Boolean definition / identity disclosure) ◦ differential privacy (Boolean definition / attribute disclosure) • Quantitative measures of risk ◦ Re-identification / Record linkage (for identity disclosure) ◦ Uniqueness (for identity disclosure) ◦ Interval disclosure (for attribute disclosure) Vicen¸ c Torra; Transparency data privacy PAIS 2015 11 / 61

  15. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • An scenario for identity disclosure: X = id || X nc || X c ◦ Protection of the attributes ⋆ Identifiers. Usually removed or encrypted. ⋆ Confidential. X c are usually not modified. X ′ c = X c . ⋆ Quasi-identifiers. Apply masking method ρ to these attributes. X ′ nc = ρ ( X nc ) . Vicen¸ c Torra; Transparency data privacy PAIS 2015 12 / 61

  16. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • An scenario for identity disclosure: X = id || X nc || X c ◦ A : File with the protected data set ◦ B : File with the data from the intruder (subset of original X ) (protected / public) B (intruder) A r 1 s 1 Re-identification a Record linkage r a b a 1 a n s b quasi- a 1 a n i 1 , i 2 , ... confidential identifiers quasi- identifiers identifiers Vicen¸ c Torra; Transparency data privacy PAIS 2015 13 / 61

  17. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • An scenario for identity disclosure ◦ Reidentification using the common attributes (quasi-identifiers): Vicen¸ c Torra; Transparency data privacy PAIS 2015 14 / 61

  18. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • An scenario for identity disclosure ◦ Reidentification using the common attributes (quasi-identifiers): identity disclosure Vicen¸ c Torra; Transparency data privacy PAIS 2015 14 / 61

  19. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • An scenario for identity disclosure ◦ Reidentification using the common attributes (quasi-identifiers): identity disclosure ◦ Attribute disclosure may be possible Vicen¸ c Torra; Transparency data privacy PAIS 2015 14 / 61

  20. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • An scenario for identity disclosure ◦ Reidentification using the common attributes (quasi-identifiers): identity disclosure ◦ Attribute disclosure may be possible when reidentification permits to link confidential values to identifiers (in this case: identity disclosure implies attribute disclosure) Vicen¸ c Torra; Transparency data privacy PAIS 2015 14 / 61

  21. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • Flexible scenario for identity disclosure ◦ A protected file using a masking method ◦ B (intruder’s) is a subset of the original file. Vicen¸ c Torra; Transparency data privacy PAIS 2015 15 / 61

  22. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • Flexible scenario for identity disclosure ◦ A protected file using a masking method ◦ B (intruder’s) is a subset of the original file. → intruder with information on only some individuals Vicen¸ c Torra; Transparency data privacy PAIS 2015 15 / 61

  23. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • Flexible scenario for identity disclosure ◦ A protected file using a masking method ◦ B (intruder’s) is a subset of the original file. → intruder with information on only some individuals → intruder with information on only some characteristics Vicen¸ c Torra; Transparency data privacy PAIS 2015 15 / 61

  24. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • Flexible scenario for identity disclosure ◦ A protected file using a masking method ◦ B (intruder’s) is a subset of the original file. → intruder with information on only some individuals → intruder with information on only some characteristics ◦ But also, ⋆ B with a schema different to the one of A (different attributes) Vicen¸ c Torra; Transparency data privacy PAIS 2015 15 / 61

  25. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • Re-identification. Risk as number of re-identifications that might be obtained by an intruder (estimation). Vicen¸ c Torra; Transparency data privacy PAIS 2015 16 / 61

  26. Introduction > Disclosure risk Outline Disclosure risk assesment Quantitative measures for identity disclosure • Re-identification. Risk as number of re-identifications that might be obtained by an intruder (estimation). ◦ When both files have the same schema: record linkage algorithms. Vicen¸ c Torra; Transparency data privacy PAIS 2015 16 / 61

Recommend

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University,

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University,

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline 1. Motivation 2. Difficulties 3. Terminology 4. Disclosure 5. Transparency 6. Privacy by design 7. Summary 1 / 37

510 views • 38 slides
Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Beneficial ownership transparency, Title Page privacy and data protection 23 October Presented by Tom Walker tom@theengineroom.org @thomwithoutanh Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

702 views • 13 slides
Data Transparency: Managing the legislative risk 7th International Digital Curation Conference

Data Transparency: Managing the legislative risk 7th International Digital Curation Conference

Andrew Charlesworth Director, Centre for IT & Law Data Transparency: Managing the legislative risk 7th International Digital Curation Conference Bristol, 5-7 December 2011. The Broadening Spectrum of Risk 2 Increasing public access

342 views • 6 slides
Will You Have to Will You Have to Rat Yourself Rat Yourself Out? Out? New Self-Disclosure

Will You Have to Will You Have to Rat Yourself Rat Yourself Out? Out? New Self-Disclosure

Will You Have to Will You Have to Rat Yourself Rat Yourself Out? Out? New Self-Disclosure 60-day overpayment refund Risks for the Unwary Stark Self-Disclosure Protocol Transparency reports Due diligence Dan Mulholland

54 views • 4 slides
Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary Webinar From healthsystemCIO.com Sponsored by Proofpoint Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide Deck:

468 views • 22 slides
On Privacy Risk of Releasing Data and Models Ashish Dandekar Supervised by: A/P St ephane

On Privacy Risk of Releasing Data and Models Ashish Dandekar Supervised by: A/P St ephane

Introduction Publication of data Publication of models Privacy at risk Conclusion References On Privacy Risk of Releasing Data and Models Ashish Dandekar Supervised by: A/P St ephane Bressan July 18, 2019 1 / 36 Introduction

912 views • 70 slides
On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics,

On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics,

Link oping 2016 On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Disclosure risk. A quantitative measures: record linkage The worst-case

1.29k views • 101 slides
Breaking down data silos for improved insight a data transparency perspective Transparency

Breaking down data silos for improved insight a data transparency perspective Transparency

Breaking down data silos for improved insight a data transparency perspective Transparency an organisational view Transparency is all about the release of information by institutions or companies that is relevant for the evaluation of

883 views • 32 slides
Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg, August 2nd, 2010 Cloud

775 views • 43 slides
Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The Risks Involved with Over-Retention 5 Steps to Reduce Data Risk Understanding what exists Focusing on risks Leveraging lower cost storage

664 views • 25 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP,

Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP,

Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP, CIPP/E, CIPP/US, CIPP/C, CIPM, AWS Certified Todays Presentation Discuss benefits of conducting data privacy impact assessments Why

497 views • 26 slides
Differen'al Privacy and Risk Ra'os: The seman'cs of privacy

Differen'al Privacy and Risk Ra'os: The seman'cs of privacy

Differen'al Privacy and Risk Ra'os: The seman'cs of privacy CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 5 : 590.03 Fall 16 1

345 views • 30 slides
Enhancing the disclosure of inside information under REMIT and improving the overall transparency

Enhancing the disclosure of inside information under REMIT and improving the overall transparency

Applying REMIT in an evolving regulatory landscape: Enhancing the disclosure of inside information under REMIT and improving the overall transparency in wholesale energy markets Market Integrity and Transparency Department 3 rd Energy Market

243 views • 5 slides
The privacy economics of voluntary over-disclosure in Web forms Sren Preibusch, Kat Krol,

The privacy economics of voluntary over-disclosure in Web forms Sren Preibusch, Kat Krol,

The privacy economics of voluntary over-disclosure in Web forms Sren Preibusch, Kat Krol, Alastair R. Beresford 11 th WEIS 25 th June 2012 Web forms: ubiquitous, versatile, est. 1995 Primary mechanism for explicit data collection

732 views • 15 slides
Privacy in Business Processes - Identifying Non-Authorized Disclosure of Personal Data to Third

Privacy in Business Processes - Identifying Non-Authorized Disclosure of Personal Data to Third

National Institute of Informatics National Institute of Informatics Privacy in Business Processes - Identifying Non-Authorized Disclosure of Personal Data to Third Parties - Austria-Japan Workshop 2010 October 18, 2010 Dr. Sven Wohlgemuth

324 views • 14 slides
Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the data disclosure decisions and for visualization IFIP Summer School on Identity Management Karlstad, Sweden August, 6 th -10 th 2007

338 views • 15 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

722 views • 44 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone,

EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone,

EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone, Queensland EHR Privacy Risk Assessment A Systems Perspective Perform privacy risk Few people have Perform privacy risk Few people

356 views • 13 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Delegation procedure: lack of transparency Delegation procedure: lack of transparency or European

Delegation procedure: lack of transparency Delegation procedure: lack of transparency or European

Brussels, 26th May 2015 Delegation procedure: lack of transparency Delegation procedure: lack of transparency or European democracy at risk? or European democracy at risk? Daniel Guguen Delineation between delegated and implementing acts?

61 views • 5 slides

More recommend