A MODIFIED RANDOM PERTURBATION METHOD FOR DATABASE-SECURITY

The random data perturbation (RDP) method of preserving the privacy of individual records in a statistical database is discussed. In particular, it is shown that if confidential attributes are allowed as query-defining variables, severe biases may result in responses to queries. It is also shown that even if query definition through confidential variables is not allowed, biases can still occur in responses to queries such as those involving proportions or counts. In either case, serious distortions may occur in user statistical analyses. A modified version of RDP is presented, in the form of a query adjustment procedure and specialized perturbation structure which will produce unbiased results.