Disclosure risk vs. data utility: The RU confidentiality map

Abstract

Information organizations (IOs) must provide data products that are both useful and have low risk of confidentiality disclosure. Recognizing that deidentification of data is generally inadequate to protect their confidentiality against attack by a data snooper, concerned IOs can apply disclosure limitation techniques to the original data. Desirably, the resulting restricted data have both high data utility U to users (analytically valid data) and low disclosure risk R (safe data). This article shows the promise of the R-U confidentiality map, a chart that traces the impact on R and U of changes in the parameters of a disclosure limitation procedure. Theory for the R-U confidentiality map is developed for additive noise applied to univariate data under various scenarios of data snooper attack. These scenarios are predicated on different knowledge states for the data snooper. A demonstration is provided of how to implement the theory for a real database. Through simulation methods, this leads to an empirical R-U confidentiality map. Application is made to data from a National Center for Education Statistics (NCES) survey, the