|
|
|
@inproceedings{DBLP:conf/pods/SamaratiS98,
author = {Pierangela Samarati and
Latanya Sweeney},
title = {Generalizing Data to Provide Anonymity when Disclosing Information
(Abstract)},
booktitle = {Proceedings of the Seventeenth ACM SIGACT-SIGMOD-SIGART Symposium
on Principles of Database Systems, June 1-3, 1998, Seattle, Washington},
publisher = {ACM Press},
year = {1998},
isbn = {0-89791-996-3},
pages = {188},
ee = {http://doi.acm.org/10.1145/275487.275508, db/conf/pods/SamaratiS98.html},
crossref = {DBLP:conf/pods/98},
bibsource = {DBLP, http://dblp.uni-trier.de}
}
BibTeX
The proliferation of information on the Internet and access to fast computers with large storage capacities has increased the volume of information collected and disseminated about individuals. The existence of these other data sources makes it much easier to re-identify individuals whose private information is released in data believed to be anonymous. At the same time, increasing demands are made on organizations to release individualized data rather than aggregate statistical information. Even when explicit identifiers, such as name and phone number, are removed or encrypted when releasing individualized data, other characteristic data may still uniquely combine into a quasi-identifier, which can allow data recipients to re-identify individuals to whom the data refer.
In this paper, we provide a technique for releasing information such that the ability to link the released data to other information is limited in an attempt to protect the identities of individuals. We use generalization, by which stored values can be replaced with semantically consistent but less precise alternatives, and k-anonymity. A table provides k-anonymity when each combination of values that is associated with a quasi-identifier occurs k or more times, making it difficult to link the quasi-identifier to other data with confidence. We introduce the notions of generalized table and of minimal generalization of a table with respect to a k-anonymity requirement. As an optimization problem, the objective is to minimally distort the data while providing adequate protection. We describe an algorithm that, given a table, efficiently computes a preferred minimal generalization to provide anonymity.
Copyright © 1998 by the ACM, Inc., used by permission. Permission to make digital or hard copies is granted provided that copies are not made or distributed for profit or direct commercial advantage, and that copies show this notice on the first page or initial screen of a display along with the full citation.