Situating Anonymization Within a Privacy Risk Model

February 2012
Topics: Information Privacy, Modeling and Simulation, Risk Management, Prevent Terrorism
Stuart S. Shapiro, The MITRE Corporation
Download PDF (655.97 KB)

Privacy risk analysis of complex socio-technical systems suffers from an inadequate risk model that focuses primarily on some form of Fair Information Practice Principles (FIPPs). Anonymization as a privacy risk control suffers from an emphasis on risk of failure, neglecting the circumstances surrounding its selection as a risk control in the first place. By interrelating an enhanced privacy risk model that goes beyond FIPPs and an integrated anonymization framework, the selection and implementation of anonymization as a privacy risk control can be more systematically considered and carried out. The Science and Technology Directorate of the U.S. Department of Homeland Security has sponsored development of both an integrated anonymization framework and an enhanced privacy risk model to support more effective privacy risk management. Both of these are described at a high level and their interoperability illustrated by application to the Google Street View controversy.

Publications

Interested in MITRE's Work?

MITRE provides affordable, effective solutions that help the government meet its most complex challenges.
Explore Job Openings

Publication Search