Privacy vs. Utility in Anonymized Data

We investigate the privacy and utility aspects of k-anonymity, which has received much research attention since its introduction in [Sweeney, 2002]. Meyerson and Williams [2004] showed that finding an optimal k-anonymization is NP-hard and developed a first approximation algorithm. Further algorithms with different approximation guarantees have been proposed, but it remains hard to compare these algorithms. We are interested in an algorithm that can give good privacy guarantees while preserving the utility of the data. Explicitly capturing the ideas of privacy and utility in this context seems hard and has not been fully achieved yet. We implemented the k-anonymization algorithm presented in [LeFevre et al., 2006], and evaluated its performance on three different real-world databases. We describe the algorithm and some implementation details in section 2. In section 3, we present some known utility measures on anonymized databases. These measures are quite general and do not capture many aspects of utility accurately. In the same section, we present a workload specific measure that proves to be very helpful in evaluating the usefulness of different anonymizations. However, workload specific measures are only helpful if the publisher of the database has sufficient knowledge about the expected queries. Furthermore, we discuss several heuristics to adapt the anonymization algorithm to an expected workload in section 4, and present the results of our evaluation in section 5. In the appendix, we summarize our individual contributions to this project, and give the complete source code of our anonymization and query program.