On Resampling for Statistical Con dentiality in Contingency Tables

Resampling schemes, and especially the bootstrap method, were proposed as a subclass of perturbation methods to ensure statistical conndentiality in statistical databases. Later, a method based on bootstrapping was presented to achieve the more speciic task of anonymising contingency tables. In this paper, we argue that the latter proposal is either ineecient from a computational point of view or insecure due to a high disclosure risk. For illustration, we show that this bootstrap-based procedure for contingency tables can be emulated and outperformed by a cell-oriented random perturbation method, whose complexity can be theoretically quantiied. For a given disclosure risk, our cell-oriented perturbation method is more eecient. For a given computational complexity, our cell-oriented method exhibits a lower disclosure risk. More generally, it can be concluded that the very principle of resampling precludes the design of contingency table anonymisation schemes simultaneously providing security, computational eeciency and data quality.