How does the parameter k in k-anonymity relate quantitatively to re-identification risk?
In a k-anonymous dataset every record shares its quasi-identifiers with at least k−1 others, so the worst-case ("highest") re-identification risk is at most about 1/k — raising k from 5 to 20 drops that risk from ~20% to ~5%.
Because each person hides in a group of at least k indistinguishable records, the best an attacker can do is guess one of k — a 1/k chance of singling out the right individual.
| k value | Highest re-identification risk (≈ 1/k) |
|---|---|
| 5 | ~20% |
| 10 | ~10% |
| 20 | ~5% |
Seeing it in a tool: the open-source ARX Data Anonymization Tool quantifies this with a journalist attacker model, reporting metrics like Records at risk, Highest risk, and Success rate. Increasing the enforced k visibly pushes these risk gauges down — at the cost of more generalization/suppression (the protection–utility trade-off).
The catch: lower risk isn't free. Bigger k means coarser data (wider age ranges, truncated ZIPs), so analytical utility falls as protection rises. And k-anonymity still doesn't stop attribute disclosure — if all k records share the same sensitive value, the attacker learns it regardless.
Tip: "1/k" is the headline, but treat it as a ceiling on worst-case risk, not a guarantee against every attack (homogeneity and background-knowledge attacks still apply — which is why l-diversity and t-closeness exist).
Go deeper:
ARX Data Anonymization Tool — the risk metrics (highest risk, records at risk) that visualise the 1/k re-identification ceiling.