Priority Level
Medium (Nice to have)
Is your feature request related to a problem?
In the sensitivity disposition we assign each entity a sensitivity value, but give no guidance on how to assign it. We've seen some questionable assignments. A leaked high-sensitivity entity contributes 1.0 to leakage mass; a low one only 0.3. Also it triggers mandatory repair regardless of total leakage mass (when repair_any_high_leak=True in the risk tolerance bundle). This ticket is to add more guidance on how this value is assigned.
Describe the solution you'd like
Update the sensitivity disposition to give more guidance. This will take some thought. Certainly direct identifiers (names, SSN, phone number) are all high. Quasi-identifier sensitivity should probably depend on how much they add to re-identification risk. Should all "leave-as-is" dispositions be low sensitivity?
Describe alternatives you've considered
No response
Additional context
No response
Priority Level
Medium (Nice to have)
Is your feature request related to a problem?
In the sensitivity disposition we assign each entity a sensitivity value, but give no guidance on how to assign it. We've seen some questionable assignments. A leaked high-sensitivity entity contributes 1.0 to leakage mass; a low one only 0.3. Also it triggers mandatory repair regardless of total leakage mass (when repair_any_high_leak=True in the risk tolerance bundle). This ticket is to add more guidance on how this value is assigned.
Describe the solution you'd like
Update the sensitivity disposition to give more guidance. This will take some thought. Certainly direct identifiers (names, SSN, phone number) are all high. Quasi-identifier sensitivity should probably depend on how much they add to re-identification risk. Should all "leave-as-is" dispositions be low sensitivity?
Describe alternatives you've considered
No response
Additional context
No response