Anonymisierung

Question 1

Information Security

Answer 1

Preservation of confidentiality, integrity and availability of information

Question 2

Data Privacy

Answer 2

• use and governance of personal data and information
• While security is necessary for protecting data, it’s not sufficient for
  addressing privacy

Question 3

Eckpunkte Datenschutz

Answer 3

• Recht jedes Menschen, wem wann welche seiner persönlichen Daten zugänglich sein sollen

Question 3

Eckpunkte Datenschutz

Answer 3

• Recht jedes Menschen, wem wann welche seiner persönlichen Daten zugänglich sein sollen

Question 4

EU-DSGVO

Answer 4

Schutz natürlicher Personen bei der automatisierten Verarbeitung personenbezogener Daten

Question 5

Personally Identifiable Information (PII)

Answer 5

• Any information directly/indirectly relating to identified/identifiable special characterics of a natural person (no company, not deceased)
• identifier such as a name, an identification number, location data, an online factor to identify the natural

Question 6

Pseudonymization

Answer 6

• increases security, but doesn’t offer anonymization

- e.g. simple masking (phone numbers), hashes, encryption

Question 7

Anonymization

Answer 7

• Goal: “„Anonymized data is no longer restricted by GDPR“

- irreversible

Question 8

Removal of Identifiers

Answer 8

• Remove PII
• -> Linkage attack with Quasi-identifiers (combinatio of non-identifying attributes to uniquely identify an individual), e.g. ZIP code, birth date, gender to identify 87% of U.S. population
• -> Differencing attack: exploit differences in result sets

Question 9

k-Anonymity

Answer 9

1. Generalize quasi-identifiers until there are
   at least k records for each group
2. Suppress any remaining records violating
   k-anonymity property

Question 10

K-Anonymity issues

Answer 10

• Homogeneity attack (same disease)
• Background knowledge attack (statistics, probabilities)
• Curse of dimensionality –> more unique attribute combinations, suppress or accept reduced level of anonymity

Question 11

l-diversity

Answer 11

• prevents homogeneity attack by ensuring at least l “well-represented” values per QID group
• Skewness attack
• Similarity attack

Question 12

t-Closeness

Answer 12

• Sensitive attribute’s distribution in QID group
  should be “close” to its global distribution to prevent skewness and similarity attacks
• How meaningful is data if distribution in all QID
  groups is similar?
• General issue: False assumption that attacker
  will only use some attributes to identify
  individuals

Question 13

summary of generalization approach

Answer 13

• Group-based anonymization can be re-identified due to identifiers, quasi-identifiers and
  sensitive attributes
• Game of cat-and-mouse
• conflict between data utility and anonymity
• always depends on the Adversary’s side knowledge

Question 14

k-anonymity vs. Differential Privacy

Answer 14

• Privacy conditioned on data set vs. Privacy conditioned on function
• Hide individual in data subset (“crowd”) vs. Hide individual’s impact on function
• Syntactic privacy:
  attributes are either “public” or “sensitive” vs. Semantic privacy
• Informal privacy guarantee vs. Formal privacy guarantee

Question 15

Relaxations

Answer 15

vgl. Geo-indistinguishability China