To assess the effectiveness of an anonymisation method with respect to data protection, the disclosure risk associated with the protected data must be evaluated. We consider the scenario where a possible data intruder matches an external database with the entire of confidential data. In order to improve his external database he tries to assign as many correct pairs af records (that is, records refering to the same underlying statistical unit)as possible. The problem of maximisation of the number of correctly assigned pairs is translated into a multi-objective linear assignment problem (MOLP).
Regarding several variants of the micro aggregation anonymisation method applied to the German structure of costs survey, we calculate approximative solutions to the MOLP obtained by using two external databases as the data intruder´s additional knowledge. Finally a standard for so-called de facto anonymity is suggested.