Show simple item record

dc.contributor.authorAiroldi, Edoardo Maria
dc.contributor.authorBai, Xue
dc.contributor.authorMalin, Bradley
dc.date.accessioned2013-02-26T16:51:00Z
dc.date.issued2011
dc.identifier.citationAiroldi, Edoardo M., Xue Bai, and Bradley A. Malin. 2011. An entropy approach to disclosure risk assessment: Lessons from real applications and simulated domains. Decision Support Systems 51(1): 10-20.en_US
dc.identifier.issn0167-9236en_US
dc.identifier.urihttp://nrs.harvard.edu/urn-3:HUL.InstRepos:10345118
dc.description.abstractWe live in an increasingly mobile world, which leads to the duplication of information across domains. Though organizations attempt to obscure the identities of their constituents when sharing information for worthwhile purposes, such as basic research, the uncoordinated nature of such environment can lead to privacy vulnerabilities. For instance, disparate healthcare providers can collect information on the same patient. Federal policy requires that such providers share “de-identified” sensitive data, such as biomedical (e.g., clinical and genomic) records. But at the same time, such providers can share identified information, devoid of sensitive biomedical data, for administrative functions. On a provider-by-provider basis, the biomedical and identified records appear unrelated, however, links can be established when multiple providers' databases are studied jointly. The problem, known as trail disclosure, is a generalized phenomenon and occurs because an individual's location access pattern can be matched across the shared databases. Due to technical and legal constraints, it is often difficult to coordinate between providers and thus it is critical to assess the disclosure risk in distributed environments, so that we can develop techniques to mitigate such risks. Research on privacy protection has so far focused on developing technologies to suppress or encrypt identifiers associated with sensitive information. There is a growing body of work on the formal assessment of the disclosure risk of database entries in publicly shared databases, but less attention has been paid to the distributed setting. In this research, we review the trail disclosure problem in several domains with known vulnerabilities and show that disclosure risk is influenced by the distribution of how people visit service providers. Based on empirical evidence, we propose an entropy metric for assessing such risk in shared databases prior to their release. This metric assesses risk by leveraging the statistical characteristics of a visit distribution, as opposed to person-level data. It is computationally efficient and superior to existing risk assessment methods, which rely on ad hoc assessment that are often computationally expensive and unreliable. We evaluate our approach on a range of location access patterns in simulated environments. Our results demonstrate that the approach is effective at estimating trail disclosure risks and the amount of self- information contained in a distributed system is one of the main driving factors.en_US
dc.description.sponsorshipStatisticsen_US
dc.language.isoen_USen_US
dc.publisherElsevieren_US
dc.relation.isversionofdoi:10.1016/j.dss.2010.11.014en_US
dc.relation.hasversionhttp://www.people.fas.harvard.edu/~airoldi/en_US
dash.licenseMETA_ONLY
dc.subjectdisclosureen_US
dc.subjectdistributed systemsen_US
dc.subjectinformation theoryen_US
dc.subjectinformation privacyen_US
dc.subjectrisk analysisen_US
dc.titleAn Entropy Approach to Disclosure Risk Assessment: Lessons from Real Applications and Simulated Domainsen_US
dc.typeJournal Articleen_US
dc.description.versionVersion of Recorden_US
dc.relation.journalDecision Support Systemsen_US
dash.depositing.authorAiroldi, Edoardo Maria
dash.embargo.until10000-01-01
dc.identifier.doi10.1016/j.dss.2010.11.014*
dash.contributor.affiliatedAiroldi, Edoardo


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record