What are the different types of disclosure risk?

There are two general kinds of re-identification risk that are of concern. The first is when an intruder can assign an identity to any record in the disclosed database. For example, the intruder would be able to determine that record number 7 in the disclosed database belongs to patient Alice Smith. This is called identity disclosure. The second type of re-identification is when an intruder learns something new about a patient in the database without knowing which specific record belongs to that patient. For example, if patients from a particular area in the emergency database had a certain test result, then an intruder does not need to know which record belongs to Alice Smith, if she lives in that particular area then the intruder will discover sensitive information about her. This is called attribute disclosure.

There are three sub-types of risk under identity-disclosure: (a) prosecutor risk, (b) journalist risk, and (c) marketer risk. Another KnowledgeBase article explains the difference between prosecutor and journalist risk: [view here].

k-Anonymity algorithms are often used to manage the risk of re-identification for prosecutor and journalist risk. 

The author(s) retain all copyright to this knowledgebase article. Please include a citation to the web page if you reuse this material. More information is available at our lab web site: http://www.ehealthinformation.ca/.