Abstract: We describe new results on upper and lower bounds for the entries of multi-way tables of counts, given a set of released and possibly overlapping marginal tables; such bounds are of practical importance for assessing disclosure risk. In particular, we present a generalized version of the shuttle algorithm proposed by Buzzigoli and Giusti that is proven to compute sharp integer bounds for an arbitrary set of fixed marginals. The method forms part of a project developing a Web-based query system for statistical databases. Its goal is to allow the use of disclosure limitation methods in response to a series of queries…in which the public knowledge of releases is cumulative.
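To make the idea of cell bounds concrete, the sketch below computes the classical Fréchet bounds for the simplest case only: a two-way table whose row and column totals have been released. It is not the generalized shuttle algorithm of the abstract, which handles arbitrary sets of overlapping marginals; the function name `frechet_bounds` and the example totals are assumptions made for illustration.

```python
def frechet_bounds(row_totals, col_totals):
    """Frechet bounds for each cell of a two-way table of counts.

    Illustrative only: covers the two-way case with both one-way
    margins released, not arbitrary overlapping marginals.
    """
    n = sum(row_totals)
    if n != sum(col_totals):
        raise ValueError("row and column totals must have the same grand total")
    # Lower bound: max(0, r_i + c_j - n); upper bound: min(r_i, c_j).
    lower = [[max(0, r + c - n) for c in col_totals] for r in row_totals]
    upper = [[min(r, c) for c in col_totals] for r in row_totals]
    return lower, upper


# Made-up margins for a 2 x 2 table with grand total 10.
lower, upper = frechet_bounds([3, 7], [4, 6])
```

A cell whose lower and upper bounds are close together (or equal) is effectively disclosed by the margins, which is why such bounds matter for risk assessment.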
Abstract: More and more empirical researchers from universities or research centres would like to use register data collected by statistical agencies or the social security system, because these data can be used for several empirical studies, e.g. the analysis of special groups or quantitative effects of economic policies. Most of the register data required have to be (factually) anonymised before they are disseminated to preserve confidentiality. Therefore re-identification risks for register data are examined by matching a sample of register data with survey data, collected especially for scientific purposes. Three methods were applied: the uniqueness approach, a simple distance estimation and…a cluster analysis. The data sets used were two birth cohorts (1964 and 1971) of the German employment statistics (register data) and the German Life History Study. The analysis shows that a re-identification of real persons may be possible by a standard cluster analysis or a simple distance criterion if an intruder has access to additional information. The number of re-identifiable persons is remarkably high, although the proportion of re-identifiable persons is lower than expected on the basis of the uniqueness approach.
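As a rough illustration of what a uniqueness check can look like, the sketch below lists the records whose combination of key variables occurs exactly once in a file. It is a generic sketch under stated assumptions, not the procedure used in the study: the function name `unique_records`, the variable names and the records are all made up.

```python
from collections import Counter


def unique_records(records, key_vars):
    """Return the records whose key-variable combination is unique in the file."""
    keys = [tuple(rec[v] for v in key_vars) for rec in records]
    counts = Counter(keys)
    return [rec for rec, key in zip(records, keys) if counts[key] == 1]


# Made-up records; the variables are hypothetical key variables.
sample = [
    {"birth_year": 1964, "sex": "f", "occupation": "clerk"},
    {"birth_year": 1964, "sex": "f", "occupation": "clerk"},
    {"birth_year": 1971, "sex": "m", "occupation": "baker"},
]
uniques = unique_records(sample, ["birth_year", "sex", "occupation"])
```

Records that are unique on the key variables are the natural candidates for re-identification when an intruder holds the same variables in another data source.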
Abstract: Data Intrusion Simulation (DIS) is a recently developed method for assessing the risk of disclosure from the data intruder's viewpoint. This article describes the method and introduces recent work demonstrating how the approach can be used to assess the effectiveness of disclosure control methods. The paper then describes how DIS could be used as part of a larger program moving away from passive risk assessment to a system of risk-driven file construction, which has the potential to improve both the quality and security of released data.
Abstract: This article presents the results of a survey on statistical data confidentiality (SDC) in the transition countries carried out by the UNECE secretariat in 2000/2001. It gives an overview of the general policy of national statistical offices towards disclosure control, the legal basis for SDC in these countries, and the use of different methods for confidentiality protection. The required legal basis for confidentiality has been established in most of the transition countries. In practice, the main safeguards for protecting confidentiality are administrative and organisational. The use of mathematical methods of disclosure control is less advanced as there is often not enough…awareness of the possible methods. Software and training were highlighted by the transition countries as the priority areas for future development of SDC.