Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization

TL;DR

This paper introduces a red teaming approach to test and improve data anonymization techniques in research, providing practical tools for researchers to enhance privacy protections in human-centered studies.

Contribution

It adapts security red teaming methods to data anonymization, offering a new, actionable framework and materials for researchers to better protect participant privacy.

Findings

Red teaming reveals vulnerabilities in anonymization methods.

Practical tools help researchers implement effective privacy testing.

Enhanced privacy safeguards in human-centered data sharing.

Abstract

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification attacks using the approach of red teaming versus blue teaming: a technique commonly employed in security testing, where one team tries to re-identify data, and the other team tries to prevent it. We discuss our experience applying this method to data collected in a mixed-methods study in human-centered privacy. We present usable materials for researchers to apply red teaming when anonymizing and publishing their studies' data.