The Privacy Analytics Risk Assessment Tool (PARAT) takes the guesswork out of understanding the threat of re-identification. PARAT allows you to precisely measure the risk of re-identification under different scenarios of attack. Using peer-reviewed metrics and de-identification algorithms, PARAT assesses, measures and manages re-identification risk while generating maximum data granularity. Only PARAT can protect against all known types of re-identification attacks. It optimally de-identifies information to protect individual privacy while retaining the data's value.
PARAT is a Windows-based application and is compatible with a number of databases (e.g., Microsoft Access, Microsoft SQL Server, and Oracle). Using a simple four-step process, PARAT allows you to easily and safely use and disclose your valuable data.
Step 1: Select The Indirect Identifiers To Be Released From The Data Set
Select and rank the variables that can be used for re-identification. This ranking (the variables' utility/importance to the person using the de-identified data set) will be used during the de-identification process to determine the optimal anonymization that balances re-identification risk and data utility.
Step 2: Set Your Re-Identification Risk Threshold
To balance the need for privacy with the need for data granularity, PARAT allows you to adjust the acceptable re-identification risk threshold of information based on the profile of the requesting person/organization. Risk-based de-identification ensures that individual privacy is protected while maintaining the released data's utility.
Step 3: Perform the Risk Analysis
PARAT calculates the data set's risk for three types of re-identification attacks: prosecutor, journalist and marketer. In this example, PARAT shows the risk is high (above 0.2) for all three types of re-identification attacks.
The three types of attack reflect three ways in which an adversary can re-identify one or more individuals in your database.
Step 4: De-Identify To Protect Data
PARAT uses several de-identification techniques including suppression (removing high risk values in the database) and generalization (reducing the resolution of a given field). PARAT will automatically de-identify the data to reduce the re-identification risk to acceptable levels defined by the user and remain compliant with the relevant legislation.
PARAT can also automtaically produce a data sharing agreement for the de-identified data set.