The leakage of personal privacy has emerged as a critical challenge in data security. Anonymization can effectively reduce the risk of privacy leakage by de-identifying personal information. However, inappropriate data processing methods can affect the results. Moreover, a residual risk of re-identification remains after data release. As domestic security supervision of data circulation intensifies, it is of great significance for personal information sharing to establish a reasonable anonymization process and to assess the residual risks of anonymized data under data compliance. Previous anonymization risk assessments primarily center on evaluating data security through attack models. Additionally, these studies often overlook the inherent risks within the anonymization process itself and the compliance of anonymized data. Therefore, this article introduces a general anonymization process. Building upon it, a risk assessment covering data security and compliance is devised. The risk assessment method focuses on process risk and data re-identification risk, and contains a supporting evaluation method and index system. For compliance evaluation, this article summarizes existing standards and proposes quantifiable compliance requirements to ensure compliance while assessing data risks. Finally, this article conducts a simulation experiment of the anonymization process to verify the feasibility of the process. The experimental results verify that the risk assessment method can effectively detect potential threats in anonymization by simulating different risk scenarios.
Key words
data compliance/anonymization general process/anonymization risk assessment/process risk/re-identification risk