A Method for Confidentialising User-Defined Tables: Statistical Properties and a Risk-Utility Analysis
Jennifer K. Marley, Victoria L. Leaver
Data Access and Confidentiality Methodology Unit, Australian Bureau of Statistics

In August 2009, the Australian Bureau of Statistics (ABS) released Census TableBuilder, a flexible online tool that allows users to define and download tables of Census counts. To prevent disclosure through differencing attacks and repeated requests for identical tables, the ABS developed a method for automatically and consistently confidentialising tables of counts.

A key feature of the method is the perturbation look-up table, a fixed, two-dimensional array of perturbation values. The amount of perturbation applied to each cell in the requested table is determined by accessing this array using the cell count and a cell key calculated from random numeric keys that have been permanently assigned to all records in the underlying microdata.

In this paper, we examine some of the statistical properties of the method. We create three perturbation look-up tables that provide varying levels of protection and use them to perform a risk-utility analysis of the method. The measures of risk we consider include the probability that a cell calculated from the difference of two tables will equal the true differenced value. We consider a range of utility measures, including the average absolute deviation.

Keywords: Tabular confidentiality; Disclosure risk measures; Data utility measures

Biography: Victoria Leaver completed a combined Bachelor of Arts/Bachelor of Science degree with Honours in Mathematics at the Australian National University in 1997. She has worked in the Data Access and Confidentiality Methodology Unit of the Australian Bureau of Statistics since 2005. The main focus of her work has been on tools for confidentialising tables and assessing disclosure risk in microdata.