Database Disclosure - Data Mining and Big Data Risk Analysis -

Dealing with Disaster

Data mining and big data analytics are transformative tools in disaster
management, enabling rapid decision-making, predictive modeling, and
efficient resource allocation across the disaster lifecycle—mitigation,
preparedness, response, and recovery. However, utilizing vast datasets (from
social media, IoT, satellite imagery) introduces significant risks regarding
database disclosure, privacy, and security.
Key Aspects of Data Mining & Big Data in Disaster Management
 Five V’s in Disaster Risk Management (DRM): Volume (large data),
Variety (heterogeneous sources), Velocity (real-time), Veracity
(accuracy), and Value (actionable insights) are used to analyze, predict,
and respond to natural disasters.
 Phases of Application:
o Mitigation/Preparation: Satellite data and IoT sensors forecast
events (e.g., hurricanes, floods) and identify vulnerable
infrastructure.
o Response/Recovery: Social media (e.g., Twitter/X) and
crowdsourced data identify hotspots, track victims, and assess
damage in real-time.
Database Disclosure and Privacy Risks
 Exposure of Sensitive Information: In crises, the pressure for quick
data sharing can lead to the unintentional release of Personally
Identifiable Information (PII) of victims, such as locations, health status,
or financial data.
 Misconfiguration and Insecure Storage: Publicly accessible storage
buckets (e.g., Amazon S3, Azure Blob) can expose sensitive data within
24 hours of being misconfigured.
 Privacy-Disaster Paradox: There is a tension between the need for rapid
data sharing for rescue operations and the protection of personal privacy,
as described by the "contextual integrity" framework.
  Social Media Vulnerabilities: Data mined from social platforms may
contain misinformation, rumors, or, if not properly sanitized, expose
users to phishing and fraud.
Risk Mitigation Strategies
 Data Minimization & Anonymization: Only necessary data should be
collected and shared, ensuring PII is anonymized or encrypted in transit
and at rest.
 Access Control & Security: Implementation of Strict Role-Based
Access Control (RBAC) and Multi-Factor Authentication (MFA) to
restrict database access to authorized personnel only.
 Robust Data Governance: Establishing pre-defined protocols for data
sharing that comply with regulations (GDPR, etc.), particularly to protect
vulnerable groups like children.
 Verification Mechanisms: Using trusted sources (e.g., official agencies)
to verify information mined from social media to prevent the spread of
fraudulent data.
Dealing with Disaster: Data Security Challenges
 Data Tampering: Malicious actors may manipulate data to disrupt
rescue operations or cause financial loss.
 Insider Threats: Unauthorized access or data leakage by personnel
involved in the disaster management process.
 Resilience and Backup: Ensuring that databases are regularly backed up
and that these backups are encrypted, as they are high-value targets for
hackers.
For effective disaster management, the integration of big data must balance the
velocity of information with the necessity of data security and privacy to avoid
turning a natural disaster into a data-driven one.
1. Introduction
Modern organizations rely heavily on databases, data mining, and big data analytics to
support decision-making. While these technologies bring significant benefits, they also
introduce serious risks, particularly related to data disclosure, privacy breaches, and
large-scale disasters.

Disasters may be:

 Natural (earthquakes, floods, pandemics)

 Technological (system failures, cyberattacks)
 Human-made (data leaks, insider misuse, poor governance)

Understanding how database disclosure and big data risk interact is critical to mitigating
damage before, during, and after such disasters.

2. Database Disclosure
2.1 Definition

Database disclosure refers to the unauthorized release, exposure, or inference of sensitive

information stored in a database.

Disclosure can occur even when:

 Direct identifiers are removed

 Data is aggregated
 Access is supposedly restricted

2.2 Types of Database Disclosure

1. Direct Disclosure
o Explicit release of sensitive attributes
o Example: Publishing a table with names and medical diagnoses
2. Indirect (Inferential) Disclosure
o Sensitive information inferred using background knowledge
o Example: Identifying a patient based on age, ZIP code, and gender
3. Attribute Disclosure
o Learning a sensitive attribute about an individual
o Example: Inferring disease status
4. Identity Disclosure
o Linking anonymized data to a real individual
2.3 Causes of Database Disclosure

 Poor access controls

 Weak anonymization techniques
 Insider threats
 Data sharing without risk assessment
 Combining multiple datasets (data linkage)

3. Data Mining and Privacy Risks

3.1 Data Mining Overview

Data mining is the process of discovering patterns, trends, and relationships in large datasets
using:

 Classification
 Clustering
 Association rule mining
 Regression
 Anomaly detection

3.2 Privacy Risks in Data Mining

1. Re-identification Attacks
o Anonymized datasets combined with external data
2. Inference Attacks
o Predicting sensitive information not explicitly stored
3. Model Leakage
o Trained models revealing sensitive training data
4. Function Creep
o Data collected for one purpose used for another

3.3 Example

 A retail dataset used to predict purchasing behavior may unintentionally reveal:

o Pregnancy status
o Health conditions
o Financial distress

4. Big Data Characteristics and Risk Amplification

4.1 The 5 Vs of Big Data

1. Volume – Massive data size

2. Velocity – High speed of data generation
3. Variety – Structured, semi-structured, unstructured data
4. Veracity – Data uncertainty and quality
5. Value – Business and societal benefits

4.2 Why Big Data Increases Disclosure Risk

 More data points → easier re-identification

 Real-time analytics → limited time for security checks
 Data integration across systems
 Cloud storage and third-party access

5. Risk Analysis in Big Data Systems

5.1 Risk Definition

Risk = Probability of an event × Impact of the event

In big data contexts:

 Events include breaches, misuse, data loss

 Impacts include financial loss, reputational damage, legal penalties, and human harm

5.2 Risk Analysis Process

1. Risk Identification
o What can go wrong?
o Which data is sensitive?
2. Risk Assessment
o Likelihood of occurrence
o Severity of consequences
3. Risk Evaluation
o Acceptable vs unacceptable risk
4. Risk Mitigation
o Controls and safeguards

5.3 Common Big Data Risks

  Mass data breaches
 Algorithmic bias
 Loss of data integrity
 Cascading system failures
 Regulatory non-compliance

6. Disasters Related to Data and Analytics

6.1 Types of Data-Related Disasters

1. Cyber Disasters
o Ransomware attacks
o Large-scale hacking incidents
2. Operational Disasters
o System crashes
o Corrupted databases
3. Ethical and Social Disasters
o Discriminatory algorithms
o Surveillance misuse
4. Regulatory Disasters
o Heavy fines (e.g., GDPR violations)
o Loss of operating licenses

6.2 Case Examples (Conceptual)

 Healthcare database breach exposing patient records

 Government census data re-identified
 Social media analytics used for political manipulation

7. Dealing with Disaster: Prevention, Response, and

Recovery
7.1 Prevention Strategies

Technical Measures

 Data encryption (at rest and in transit)

 Access control and authentication
 Secure data storage and backups
 Differential privacy
 k-anonymity, l-diversity, t-closeness
Organizational Measures

 Data governance frameworks

 Privacy-by-design principles
 Employee training
 Regular audits and penetration testing

7.2 Disaster Response

When a disclosure or breach occurs:

1. Detection
o Intrusion detection systems
o Monitoring and logging
2. Containment
o Isolate affected systems
o Revoke compromised credentials
3. Notification
o Inform authorities
o Notify affected individuals
4. Damage Assessment
o Identify data exposed
o Evaluate impact

7.3 Recovery and Lessons Learned

 Restore systems from secure backups

 Improve security controls
 Update risk models
 Revise policies and procedures
 Legal and ethical remediation

8. Ethical and Legal Considerations

8.1 Ethical Issues

 Consent and transparency

 Fairness and non-discrimination
 Accountability in automated decision-making
 Respect for individual autonomy
8.2 Legal Frameworks (Overview)

 Data protection laws (e.g., GDPR-like principles)

 Data breach notification requirements
 Rights of data subjects
 Organizational liability

9. Future Challenges
 AI-driven inference attacks
 Cross-border data flows
 Internet of Things (IoT) data explosion
 Quantum computing threats to encryption
 Balancing innovation with privacy

10. Summary
 Database disclosure is a critical risk in data-driven systems.
 Data mining and big data amplify privacy and security challenges.
 Risk analysis helps identify, evaluate, and mitigate threats.
 Disasters can be technical, ethical, legal, or societal.
 Effective disaster handling requires prevention, rapid response, and long-term
recovery.
 Strong governance, ethical awareness, and technical safeguards are essential.
1. Introduction (DETAILED LECTURE NOTES)
What to say

Modern organizations collect enormous amounts of data about individuals — customers,

patients, citizens, and employees. This data is stored in databases and analyzed using data
mining and big data technologies to improve efficiency, profits, and services.

However, the same data that helps organizations can seriously harm individuals if
misused or leaked.

Real-life analogy

Think of data like water stored in a dam:

 When controlled → electricity, irrigation, benefits

 When leaked or broken → floods and destruction

Big data disasters are data floods.

Teaching emphasis

 Disasters today are digital, silent, and large-scale

 One breach can affect millions instantly
 Damage is often irreversible

Ask students

Can data harm someone without physical injury?

2. Database Disclosure

2.1 Definition
Explanation

Database disclosure happens when sensitive information becomes known to someone who
should not know it.
This does not require hacking — sometimes it happens due to poor design or careless
sharing.

Real-life analogy

Imagine covering someone’s face but leaving:

  Voice
 Height
 Clothes
People can still recognize them.

That is how anonymized data works.

Example

A hospital releases “anonymous” patient data:

 Age
 Area
 Treatment date
A journalist combines it with news reports and identifies a patient.

Teaching emphasis

 Removing names is not enough

 Disclosure can be accidental or indirect

2.2 Types of Database Disclosure

1. Direct Disclosure

Explanation

Sensitive data is openly visible.

Example

 Public Google Sheet with student marks and ID numbers

 Leaked payroll database

Analogy

Leaving your house door wide open

Teaching emphasis

 Simple mistakes → huge impact

 Often caused by misconfiguration

2. Indirect (Inferential) Disclosure

Explanation

Sensitive information is not shown directly, but can be deduced.

Puzzle analogy (important)

Each data attribute is a puzzle piece:

 Age
 Gender
 Location
One piece is useless. Together, they form a full picture.

Real example

 87% of US citizens can be uniquely identified using ZIP + gender + birth date

Teaching emphasis

 More data = easier inference

 Attackers think statistically

3. Attribute Disclosure

Explanation

Even without knowing the identity, learning a sensitive trait causes harm.

Example

Learning that “a person in this dataset has HIV” even if you don’t know who.

Analogy

Knowing someone in this room failed the exam — damage still exists.

4. Identity Disclosure

Explanation

Linking anonymous records to real people.

Example

Netflix dataset re-identified using IMDb ratings.

Teaching emphasis

 Most dangerous type

 Leads to legal disasters

2.3 Causes of Database Disclosure

Explanation

Disclosure usually happens due to combination of failures, not one mistake.

Analogy

Swiss cheese model — holes line up.

Examples

 Weak passwords
 Excessive data sharing
 Insider curiosity
 Merging datasets from different sources

3. Data Mining and Privacy Risks

3.1 Data Mining Overview

Explanation

Data mining finds patterns humans cannot easily see.

Analogy

A doctor reading an X-ray vs AI detecting tiny tumors.

Teaching emphasis

 Powerful but opaque

 Predictions ≠ certainty

3.2 Privacy Risks in Data Mining

1. Re-identification Attacks

Explanation

Anonymous data becomes identifiable when combined with other data.

Analogy

Mask + unique walk = identification.

Example

Voter list + medical data.

2. Inference Attacks

Explanation

Predicting sensitive data that was never collected.

Example

Predicting depression from social media likes.

Teaching emphasis

 No consent
 Ethical problem

3. Model Leakage

Explanation

Models remember training data.

Analogy

A parrot repeating secrets it heard.

Example

AI revealing exact patient records.

4. Function Creep

Explanation

Data slowly used beyond original purpose.

Analogy

Security camera → employee surveillance.

3.3 Retail Example (DEEP)

Explanation

Shopping patterns reveal personal life stages.

Real case

Retailers predicted pregnancy before families knew.

Teaching emphasis

 Data doesn’t forget

 Patterns expose private life

4. Big Data Risk Amplification

4.1 5 Vs Explained Simply

Volume

More people affected.

Velocity

No time to check.

Variety

Messy data hides risks.

Veracity
Wrong data → wrong decisions.

Value

Higher motivation to steal.

4.2 Why Big Data is Dangerous

Analogy

A microscope on human behavior.

Example

Location + app usage + payments = full profile.

5. Risk Analysis

5.1 Risk Concept

Explanation

Risk = chance × damage.

Analogy

Driving without seatbelt.

5.2 Risk Analysis Steps

Identification

What data hurts if leaked?

Assessment

How likely? How bad?

Evaluation

Can we accept this risk?

Mitigation

Reduce impact or likelihood.

6. Data Disasters
Cyber

Ransomware shuts hospitals.

Operational

System crash loses records.

Ethical

Biased AI denies loans.

Regulatory

Massive fines.

7. Disaster Handling

Prevention
Locks before thieves.

Response
Stop bleeding first.

Recovery
Learn and improve.

8. Ethics & Law

Ethics
Just because we can ≠ should.

Law

Protect citizens after disasters.

9. Future Challenges
AI

Smarter inference.

IoT

Always watching.

Quantum

Break encryption.

10. Final Teaching Wrap-up

Closing analogy

Data is power — power requires responsibility.

End question

Who should control data: organizations or individuals?