Table of Contents
Fetching ...

Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization

Luisa Jansen, Tim Ulmann, Robine Jordi, Malte Elson

TL;DR

This paper addresses the challenge of responsibly sharing research data by testing anonymization robustness through a red-team/blue-team framework borrowed from security testing. It details a systematic, iterative process where a red team attempts re-identification on minimally anonymized data and a blue team strengthens anonymization in response, culminating in publication-ready datasets. The authors provide procedural materials and a case study that demonstrates actionable strategies to balance data utility with privacy protections, while highlighting practical trade-offs and remaining open questions. The approach offers a concrete methodology to move beyond vague guidance toward repeatable privacy-preserving practices with real-world impact for HCI and related fields.

Abstract

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification attacks using the approach of red teaming versus blue teaming: a technique commonly employed in security testing, where one team tries to re-identify data, and the other team tries to prevent it. We discuss our experience applying this method to data collected in a mixed-methods study in human-centered privacy. We present usable materials for researchers to apply red teaming when anonymizing and publishing their studies' data.

Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization

TL;DR

This paper addresses the challenge of responsibly sharing research data by testing anonymization robustness through a red-team/blue-team framework borrowed from security testing. It details a systematic, iterative process where a red team attempts re-identification on minimally anonymized data and a blue team strengthens anonymization in response, culminating in publication-ready datasets. The authors provide procedural materials and a case study that demonstrates actionable strategies to balance data utility with privacy protections, while highlighting practical trade-offs and remaining open questions. The approach offers a concrete methodology to move beyond vague guidance toward repeatable privacy-preserving practices with real-world impact for HCI and related fields.

Abstract

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification attacks using the approach of red teaming versus blue teaming: a technique commonly employed in security testing, where one team tries to re-identify data, and the other team tries to prevent it. We discuss our experience applying this method to data collected in a mixed-methods study in human-centered privacy. We present usable materials for researchers to apply red teaming when anonymizing and publishing their studies' data.
Paper Structure (17 sections, 1 figure)

This paper contains 17 sections, 1 figure.

Figures (1)

  • Figure 1: The process of red teaming for testing the robustness of research data anonymization. The process begins with a version of the study data and materials that is only superficially anonymized (e.g., by removing direct identifiers). The red team starts by attacking the anonymization, aiming to re-identify participants. The blue team makes the anonymization more rigorous in reaction to the red team's findings. After one or multiple iterations, when no new risks can be identified, the resulting data and materials are published.