Practical and Ready-to-Use Methodology to Assess the re-identification Risk in Anonymized Datasets

To prove that a dataset is sufficiently anonymized, many privacy policies suggest that a re-identification risk assessment be performed, but do not provide a precise methodology for doing so, leaving the industry alone with the problem. This paper proposes a practical and ready-to-use methodology for re-identification risk assessment, the originality of which is manifold: (1) it is the first to follow well-known risk analysis methods (e.g. EBIOS) that have been used in the cyber-security field for years, which consider not only the ability to perform an attack, but also the severity such an attack can have on an individual; (2) it is the first to qualify attributes and values of attributes with e.g. degree of exposure, as known real-world attacks mainly target certain types of attributes and not others; 3) it is the first to provide clear, comprehensible criteria and interpretable, explainable assessment results.