ABSTRACT

Identity disclosure is a potential privacy threat for any type of data being released, including relational data, transaction data, sequential data, and trajectory data. In a transaction data set, every subset of items can potentially act as a quasiidentifier to uniquely or nearly uniquely re-identify an individual’s transaction. A sequential database is susceptible to identity disclosure if an adversary knows a subsequence of items about a specific individual, for instance, if the adversary knows a part of a sequence of events related to an individual whose data are found

170 

in the database. In a trajectory data set, a subset of spatiotemporal data points belonging to a moving object, such as a GPS device in an individual’s car, may be known by an adversary and be employed by her to re-identify the record of that individual. In all these cases, the adversary can obtain such knowledge from various external sources. For instance, she may have access to a public database containing the record of the targeted data subject. The adversary may even use several scattered sources of information, and not just one external data source, to gain knowledge about an individual.