A Game Theoretic Framework for Analyzing Re-Identification Risk

dc.contributor.ISNI: 0000 0001 2710 6938 (Kantarcioglu, M) [en_US]
dc.contributor.LCNA: nb201302379 (Kantarcioglu, M) [en_US]
dc.contributor.ORCID: 0000-0001-6423-4533 (Kantarcioglu, M) [en_US]
dc.contributor.VIAF: 305367293 (Kantarcioglu, M) [en_US]
dc.contributor.author: Wan, Zhiyu [en_US]
dc.contributor.author: Vorobeychik, Yevgeniy [en_US]
dc.contributor.author: Xia, Weiyi [en_US]
dc.contributor.author: Clayton, Ellen Wright [en_US]
dc.contributor.author: Kantarcioglu, Murat [en_US]
dc.contributor.author: Ganta, Ranjit [en_US]
dc.contributor.author: Heatherly, Raymond [en_US]
dc.contributor.author: Malin, Bradley A. [en_US]
dc.description.abstract: Given the potential wealth of insights in personal data the big databases can provide, many organizations aim to share data while protecting privacy by sharing de-identified data, but are concerned because various demonstrations show such data can be re-identified. Yet these investigations focus on how attacks can be perpetrated, not the likelihood they will be realized. This paper introduces a game theoretic framework that enables a publisher to balance re-identification risk with the value of sharing data, leveraging a natural assumption that a recipient only attempts re-identification if its potential gains outweigh the costs. We apply the framework to a real case study, where the value of the data to the publisher is the actual grant funding dollar amounts from a national sponsor and the re-identification gain of the recipient is the fine paid to a regulator for violation of federal privacy rules. There are three notable findings: 1) it is possible to achieve zero risk, in that the recipient never gains from re-identification, while sharing almost as much data as the optimal solution that allows for a small amount of risk; 2) the zero-risk solution enables sharing much more data than a commonly invoked de-identification policy of the U.S. Health Insurance Portability and Accountability Act (HIPAA); and 3) a sensitivity analysis demonstrates these findings are robust to order-of-magnitude changes in player losses and gains. In combination, these findings provide support that such a framework can enable pragmatic policy decisions about de-identified data sharing. [en_US]
dc.description.sponsorship: "This research was funded by grants R01HG006844 and U01HG006385 from the National Human Genome Research Institute (http://www.genome.gov), grant R01LM009989 from National Library of Medicine (http://www.nlm.nih.gov), and grant CCF-0424422 from National Science Foundation (http://www.nsf.gov)." [en_US]
dc.identifier.bibliographicCitation: Wan, Zhiyu, Yevgeniy Vorobeychik, Weiyi Xia, Ellen Wright Clayton, et al. 2015. "A game theoretic framework for analyzing re-identification risk." PLOS One 10(3): doi:10.1371/journal.pone.0120592. [en_US]
dc.publisher: Public Library of Science [en_US]
dc.rights: CC-BY 4.0 (Attribution) [en_US]
dc.rights: ©2015 The Authors [en_US]
dc.source.journal: PLOS One [en_US]
dc.subject: Computer security [en_US]
dc.subject: Game theory [en_US]
dc.subject: Online identities [en_US]
dc.subject: Database security [en_US]
dc.subject: Risk assessment [en_US]
dc.title: A Game Theoretic Framework for Analyzing Re-Identification Risk [en_US]

