LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does the parameter k in k-anonymity relate quantitatively to re-identification risk?

In a k-anonymous dataset every record shares its quasi-identifiers with at least k−1 others, so the worst-case ("highest") re-identification risk is at most about 1/k — raising k from 5 to 20 drops that risk from ~20% to ~5%.

Because each person hides in a group of at least k indistinguishable records, the best an attacker can do is guess one of k — a 1/k chance of singling out the right individual.

k value Highest re-identification risk (≈ 1/k)
5 ~20%
10 ~10%
20 ~5%

Seeing it in a tool: the open-source ARX Data Anonymization Tool quantifies this with a journalist attacker model, reporting metrics like Records at risk, Highest risk, and Success rate. Increasing the enforced k visibly pushes these risk gauges down — at the cost of more generalization/suppression (the protection–utility trade-off).

The catch: lower risk isn't free. Bigger k means coarser data (wider age ranges, truncated ZIPs), so analytical utility falls as protection rises. And k-anonymity still doesn't stop attribute disclosure — if all k records share the same sensitive value, the attacker learns it regardless.

Tip: "1/k" is the headline, but treat it as a ceiling on worst-case risk, not a guarantee against every attack (homogeneity and background-knowledge attacks still apply — which is why l-diversity and t-closeness exist).

Go deeper:

From Quiz: PRIVACY / Identities, Anonymity & Data Protection Goals | Updated: Jul 14, 2026