LOGBOOK

HELP

Quiz Entry - updated: 2026.06.07

What is "residual risk" of re-identification, and how should organizations handle it?

No anonymization method gives absolute guarantees — some re-identification risk always remains — so organizations must assess, document, and consciously accept it.

The uncomfortable truth: no anonymization method provides absolute guarantees. Some level of re-identification risk persists no matter how sophisticated the technique. Risk is therefore managed in tiers, e.g.:

  • ~15% — a "low risk" threshold often considered acceptable for research data.
  • ~5% — moderate risk; requires additional safeguards and access controls.
  • ~1% — minimal risk; difficult to achieve without severe utility loss.

The responsible practice is to transparently assess, document, and accept the residual risk when publishing — rather than claiming the data is "perfectly anonymous."

Tip: Mature privacy work doesn't promise zero risk; it states the residual risk number, justifies it, and pairs it with controls.

From Quiz: PRIVACY / Re-identification Attacks & Privacy Defenses | Updated: Jun 07, 2026