Quantifying Privacy Violations

Understanding privacy in a data storage environment has become of increasing interest to the data management and user communities over the past decade. Previous work has produced a number of definitions with greater or lesser specificity. The value of a particular definition can only be understood in light of how it helps us understand when a privacy violation occurs. This paper builds upon earlier work that defines privacy using a four-dimensional taxonomy with an inherent sense of increasing privacy exposure. This taxonomy is extended to formally capture the notions of (a) privacy violations, (b) the severity of a privacy violation, and (c) the likelihood of data providers ceasing to provide data due to privacy exposures. The privacy violation model developed here provides an operational framework to characterize and estimate privacy violation in a relational database system. It also allows one to calculate the consequences to the data provider of widening privacy policies. We describe a quantitative analysis of violations that captures discrepancies between the data collector's stated policies and practices in comparison to the data providers' data preferences. We demonstrate this analysis using a simple example and show how the accumulation of privacy violations can have a detrimental effect upon the data collector.
