Ming Ding | Information Security and
Privacy Group | Data61, CSIROPrivacy risk assessment –Examples
•Re-identification risk: Pr𝑥𝑖belongstoanindividual ℎ|𝑦,𝐵
➢Intuition: The probability of determining the 𝑖-threcord belongs to an individual ℎ
➢𝐵denotes the background information held by an adversary. Could be anything!
➢In our discussed examples, 𝑦could be a table of data values, an image downloaded from Google
street view, cross -correlation heatmaps of time series sequences, etc.
➢This metric can be evaluated using Probability theory or empirical experiments
➢The smaller the metric, the stronger the privacy protection
Original data x
(sensitive info: s
non-sensitive info: u)Output/Observation y
(data, query answer, AI/ML
models/parameters, etc.)