User-focused threat identification for anonymised microdata

  title={User-focused threat identification for anonymised microdata},
  author={Hans-Peter Hafner and Rainer Lenz and Felix Ritchie},
  journal={Statistical Journal of the IAOS},
When producing anonymised microdata for research, national statistics institutes (NSIs) identify a number of 'risk scenarios' of how intruders might seek to attack a confidential dataset. This paper argues that the strategy used to identify confidentiality protection measures can be seriously misguided, mainly since scenarios focus on data protection without sufficient reference to other aspects of data. This paper brings together a number of findings to see how the above problem can be… 
Random disclosure in confidential statistical databases
The paper lines out that disclosure risks estimated thus far are overrated in the sense that revealed information is always a combination of both, systematically derived results and non-negligible random assignment.
Secure shouldn’t mean secret: a call for public policy schools to share, support, and teach data stewardship
Public policy schools must grapple with imperfect options and decide how to support secure data facilities for their faculty and students and take the lead to educate students as data stewards who can navigate the challenges of microdata access for public policy research.
Linking Sensitive Data: Methods and Techniques for Practical Privacy-Preserving Information Sharing
It is shown that linking individual records from different databases is indispensable for many research purposes and data usage in practical applications, and the need for the techniques presented in this book is becoming more important.


Measuring the disclosure protection of micro aggregated business microdata. An analysis taking as an example the German structure of costs survey
This work considers the scenario where a possible data intruder matches an external database with the entire set of confidential data, and calculates approximative solutions to the MOLP obtained by using two external databases as the data intruder’s additional knowledge.
Access to Sensitive Data: Satisfying Objectives Rather than Constraints
The argument for access to sensitive unit-level data produced within government is usually framed in terms of risk and the legal responsibility to maintain confidentiality. This article argues that
Community Innovation Survey: comparable dissemination
The European Union is facing the problem of releasing microdata in a multinational setting i.e. microdata stemming from twenty seven member states. Different laws, methodologies, practices and
Community Innovation Survey: a Flexible Approach to the Dissemination of Microdata Files for Research
This paper describes a methodology for the dissemination of microdata stemming from the Community Innovation Survey. Both risk assessment and disclosure limitation phases are introduced in a flexible
Resistance to change in government: risk, inertia and incentives
There is a popular impression that governments are resistant to change and innovation, and that this is due to a combination of overly bureaucratic processes and a culture of risk aversion. It is
The changing influence of culture on job satisfaction across Europe: 1981-2008
This paper contributes to the growing multi-disciplinary body of literature on subjective wellbeing by investigating the temporal stability and impacts of cultural values on job satisfaction over
Statistical Disclosure Risk: Separating Potential and Harm
Nous soutenons that le comportement liéà une éventuelle intrusion malveillante peut être considéré indépendamment of ce cadre pourvu qu'il soit tenu compte de façon appropriée of the nature des tentatives d'attaques dans the définition du potentiel de divulgation.
Break-Through Innovations and Continuous Improvement: Two Different Models of Innovative Processes in the Public Sector
How do we understand innovation in the public sector? A look at the public and private sector understanding of innovation helps us begin to see how important new ideas are born, nurtured, tested and
Measuring Rule Retention in Anonymized Data - When One Measure Is Not Enough
This paper proposes a new methodology for measuring the retention of the rules that existed in the original data, and uses this methodology to design three measures that can be easily implemented, each measuring aspects of the data that no pre-existing techniques can measure.