Hajm 19 sahifalar
2017 yil
K-anonymity: A note on the trade-off between data utility and data security
Kitob haqida
Researchers often use data from multiple datasets to conduct credible econometric and statistical analysis. The most reliable way to link entries across such datasets is to exploit unique identifiers if those are available. Such linkage however may result in privacy violations revealing sensitive information about some individuals in a sample. Thus, a data curator with concerns for individual privacy may choose to remove certain individual information from the private dataset they plan on releasing to researchers. The extent of individual information the data curator keeps in the private dataset can still allow a researcher to link the datasets, most likely with some errors, and usually results in a researcher having several feasible combined datasets. One conceptual framework a data curator may rely on is k-anonymity, k ≥ 2, which gained wide popularity in computer science and statistical community. To ensure k-anonymity, the data curator releases only the amount of identifying information in the private dataset that guarantees that every entry in it can be linked to at least k different entries in the publicly available datasets the researcher will use. In this paper, we look at the data combination task and the estimation task from both perspectives – from the perspective of the researcher estimating the model and from the perspective of a data curator who restricts identifying information in the private dataset to make sure that k-anonymity holds. We illustrate how to construct identifiers in practice and use them to combine some entries across two datasets. We also provide an empirical illustration on how a data curator can ensure k-anonymity and consequences it has on the estimation procedure. Naturally, the utility of the combined data gets smaller as k increases, which is also evident from our empirical illustration.