Resampling for statistical confidentiality in contingency tables

Resampling schemes, and especially the bootstrap method, were proposed as a subclass of perturbation methods to ensure statistical confidentiality in statistical databases. Later, a method based on bootstrapping was presented to achieve the more specific task of anonymising contingency tables. In this paper, we argue that the latter proposal is either inefficient from a computational point of view or insecure due to a high disclosure risk. For illustration, we show that this bootstrap-based procedure for contingency tables can be emulated and outperformed by a cell-oriented random perturbation method, whose complexity can be theoretically quantified. For a given disclosure risk, our cell-oriented perturbation method is more efficient. For a given computational complexity, our cell-oriented method exhibits a lower disclosure risk. More generally, it can be concluded that the very principle of resampling precludes the design of contingency table anonymisation schemes simultaneously providing security, computational efficiency, and data quality.