Measuring the Disclosure Protection of Micro Aggregated Business Microdata. An Analysis Taking as An Example the German Structure of Costs Survey
To assess the effectiveness of an anonymisation method with respect to data protection, the disclosure risk associated with the protected data must be evaluated. We consider the scenario where a possible data intruder matches an external database with the entire set of confidential data. In order to improve his external database he tries to assign as many correct pairs of records (that is, records referring to the same underlying statistical unit) as possible. The problem of maximisation of the number of correctly assigned pairs is translated into a multi-objective linear assignment problem (MOLP).
Regarding several variants of the micro aggregation anonymisation method applied to the German structure of costs survey, we calculate approximative solutions to the MOLP obtained by using two external databases as the data intruder’s additional knowledge. Finally, a standard for so-called de facto anonymity is suggested.
Database cross-match, de facto anonymity, linear programming, micro aggregation, scientific-use-file, statistical data confidentiality