What is "residual risk" of re-identification, and how should organizations handle it?
No anonymization method gives absolute guarantees — some re-identification risk always remains — so organizations must assess, document, and consciously accept it.
The uncomfortable truth: no anonymization method provides absolute guarantees. Some level of re-identification risk persists no matter how sophisticated the technique. Risk is therefore managed in tiers, e.g.:
- ~15% — a "low risk" threshold often considered acceptable for research data.
- ~5% — moderate risk; requires additional safeguards and access controls.
- ~1% — minimal risk; difficult to achieve without severe utility loss.
The responsible practice is to transparently assess, document, and accept the residual risk when publishing — rather than claiming the data is "perfectly anonymous."
Tip: Mature privacy work doesn't promise zero risk; it states the residual risk number, justifies it, and pairs it with controls.