Ming Ding | Information Security and
Privacy Group | Data61, CSIROWhat can you do as an organization? Technical
controls
•Anonymity ( unlinkability ) -Data is not linked to an identity
–Location anonymity (Tor, mixes)
–Data anonymity -“we anonymized the data before releasing it”
•Aggregation of data
–E.g. Australian Census Data Release –TableBuilder
–https://www.abs.gov.au/websitedbs/d3310114.nsf/home/about+tablebuilder
–How TableBuilder works?
•https://unece.org/fileadmin/DAM/stats/documents/ece/ces/ge.46/2013/Topic_1_ABS.pdf
•Adding noise to data
–Differential Private data release and collection
•There is no extra risk for a particular individual being in the database to not being in the database .
–Local Differential Privacy exaples :
–Google RAPPOR: https://github.com/google/rappor
–Apple: https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf