A soft constraint privacy model based on identifiability
Abstract
Disclosing any information contained within an information system that stores personal data can be associated with risk. Nevertheless, the risk of privacy violation is often considered acceptable, since otherwise the most routine business operations can become impossible. Traditional privacy protection methods limit this risk indirectly by using access control policies for the protection of private information, authorizing the release of information only when the purpose of access justifies doing so. While simple and robust, these policies are binary, and therefore they can be too rigid in practice. A data access operation that is only slightly more risky than usual will be denied, and treated no differently than disclosing all possible data contained in the system. If the risk was justified, the access control policy will be modified later to allow it, but the original declined operation will not be performed in time. In this paper we build upon existing research in disclosure risk assessment, and propose a new flexible privacy protection approach based on soft constraints, as opposed to the hard constraints of traditional systems. The proposed model uses identifiability risk computation to estimate the risk of data access, and allows those requesting data access to decide whether the risk is justified. To prevent abuse of the system, each granted access will be recorded, and those taking high risks will need to justify their decisions later. However, the system will not decline access at the time when the request is made, unless, of course, the risk is unjustifiably high. We believe that this novel approach will help achieve the right balance between privacy protection and business efficiency. We illustrate our approach using data published by the U.S. Census Bureau. © 2007 IEEE.
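The following is an added illustration, not code from the paper: a soft-constraint access decision driven by an identifiability risk estimate over a small constructed table of census-style records. The risk measure (one over the smallest quasi-identifier equivalence class), the two thresholds, and the column names are assumptions chosen for the example, not the paper's definitions.

```python
"""Added example (not from the paper): soft-constraint data access with an
identifiability risk estimate, an audit record per decision, and a hard
limit above which the request is refused outright."""
from collections import Counter

# Constructed sample records (quasi-identifiers only; not real census data).
RECORDS = [
    {"zip": "02139", "age_band": "30-39", "sex": "F"},
    {"zip": "02139", "age_band": "30-39", "sex": "F"},
    {"zip": "02139", "age_band": "30-39", "sex": "F"},
    {"zip": "02139", "age_band": "30-39", "sex": "M"},
    {"zip": "10001", "age_band": "60-69", "sex": "M"},
    {"zip": "10001", "age_band": "60-69", "sex": "M"},
    {"zip": "10001", "age_band": "60-69", "sex": "M"},
    {"zip": "10001", "age_band": "60-69", "sex": "M"},
]

# Assumed thresholds: at or below ROUTINE_RISK access is simply granted; above
# HARD_LIMIT it is refused; in between the requester decides and is recorded.
ROUTINE_RISK = 0.25
HARD_LIMIT = 0.75


def identifiability_risk(records, quasi_identifiers):
    """Assumed risk measure: releasing these columns lets an attacker narrow a
    person down to an equivalence class of identical rows, so the worst-case
    re-identification probability is 1 / (size of the smallest class)."""
    classes = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return 1.0 / min(classes.values())


def request_access(records, quasi_identifiers, requester, accept_risk, audit_log):
    """Soft-constraint decision. accept_risk(risk) is the requester's own
    judgement of whether the risk is justified; every outcome is logged so
    that high-risk choices can be reviewed afterwards."""
    risk = identifiability_risk(records, quasi_identifiers)
    if risk > HARD_LIMIT:
        outcome = "denied"                         # unjustifiably high risk
    elif risk <= ROUTINE_RISK:
        outcome = "granted"                        # ordinary business operation
    elif accept_risk(risk):
        outcome = "granted_pending_justification"  # requester took the risk
    else:
        outcome = "withdrawn"                      # requester declined it
    audit_log.append({"requester": requester, "columns": list(quasi_identifiers),
                      "risk": risk, "outcome": outcome})
    return outcome, risk
```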