The anonymity assessment node considers two types of risks, quasi-identifiable re-identification and attacker risks. The output is an analysis of these two risks. To get additional insight if two tables are provided an additional columns with the same risks assessment results are provided in the output tables. This is helpful for comparing non-anonymized and anonymized data.
- Quasi-identifiable re-identification risks
Combinations of quasi-identifiers that can be analyzed regarding associated risks of re-identification. The output table provides information about the degree to which combinations of variables separate the records from each other and to which degree the variables make records distinct. Risk Analysis
- Attacker risks
There are different types of attackers that are assessed. The output table is an estimation of three different attacker models:
a) [prosecutor scenario] The risk that a specific person in the dataset can be re-identified when the attacker knows this person is in the dataset.
b) [journalist scenario] The risk that there exists at least one person in the dataset who can be re-identified. The point is to prove that someone can be re-identified. In this case, the goal of the re-identification is frequently to embarrass or discredit the organization that performed the de-identification.
c) [marketer scenario] The percentage of identities in the dataset that can be correctly re-identified.