Abstract
Consider a data holder, such as a hospital or a bank, that has a privately held collection of person-specific, field structured data. Suppose the data holder wants to share a version of the data with researchers. How can a data holder release a version of its private data with scientific guarantees that the individuals who are the subjects of the data cannot be re-identified while the data remain practically useful? The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment. A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release. This paper also examines re-identification attacks that can be realized on releases that adhere to k-anonymity unless accompanying policies are respected. The k-anonymity protection model is important because it forms the basis on which the real-world systems known as Datafly, μ-Argus and k-Similar provide guarantees of privacy protection.
Publication Info
- Year: 2002
- Type: article
- Volume: 10
- Issue: 05
- Pages: 557-570
- Citations: 8284
- Access: Closed
Identifiers
- DOI: 10.1142/s0218488502001648