Privacy and security laws continuously evolve, with states adopting and refining existing guidelines. Recently, within the U.S., Delaware passed a comprehensive data privacy law, joining twelve other states to provide consumers with privacy rights. These privacy laws tend to include additional security requirements and recommendations. Data warehouses that process personally identifiable information (PII) adopt disclosure control mechanisms
to adhere to federal and state privacy and security regulatory guidelines. Thus, using metrics that integrate privacy and security vulnerabilities is beneficial. In this presentation, we describe a new class of metrics that are also key performance indicators of security and privacy policies. We study the statistical properties of the proposed metrics and provide an uncertainty assessment that facilitates the development of policies and procedures for data sharing.