Data disseminated by National Statistical Agencies (NSAs) can be classified as either microdata or tabular data. Tabular data is obtained from microdata by crossing one or more categorical variables. Although cell tables provide aggregated information, they also need to be protected. This chapter is a short introduction to tabular data protection. It contains three main sections. The first one ...

1. The approach taken at Statistics Netherlands to protect a microdata set starts with identifying the unsafe records in this set. There are general rules that (more or less) prescribe which combinations of identifying variables to consider. Each combination of values that appears less than a prespecified threshold value in the microdata set is considered unsafe. The next step is to modify the ...

To protect respondents’ identity when releasing microdata, data holders often remove or encrypt explicit identifiers, such as names and social security numbers. De-identifying data, however, provide no guarantee of anonymity. Released information often contains other data, such as race, birth date, sex, and ZIP code, that can be linked to publicly available information to re-identify respondent...

Publication of statistical information by national agencies in the form of microdata (i.e., individual records) raises the problem of preventing disclosure of confidential information about particular respondents without significantly damaging the utility of the data being protected. Often, statistical agencies disseminate information only in the form of tables. But, microdata—records which con...

Masking methods protect data sets against disclosure by perturbing the original values before publication. Masking causes some information loss (masked data are not exactly the same as original data) and does not completely suppress the risk of disclosure for the individuals behind the data set. Information loss can be measured by observing the differences between original and masked data while...

Noise addition is a family of methods used in the protection of the privacy of individual data (microdata) in statistical databases. This paper is a critical analysis of the security of the methods in that family.