Local synthesis for disclosure limitation that satisfies probabilistic k -anonymity criterion

• Published in: Transactions on data privacy Vol. 10; no. 1; pp. 61 - 81
• Main Authors: Oganian, Anna, Domingo-Ferrer, Josep
• Format: Journal Article
• Language: English
• Published: Spain 01.04.2017
• Subjects: probabilistic k-anonymity; Expectation-Maximization (EM) algorithm; mixture model; synthetic data; Statistical Disclosure Limitation (SDL)
• ISSN: 1888-5063; 2013-1631

Before releasing databases which contain sensitive information about individuals, data publishers must apply Statistical Disclosure Limitation (SDL) methods to them, in order to avoid disclosure of sensitive information on any identifiable data subject. SDL methods often consist of masking or synthesizing the original data records in such a way as to minimize the risk of disclosure of the sensitive information while providing data users with accurate information about the population of interest. In this paper we propose a new scheme for disclosure limitation, based on the idea of of data. Our approach is predicated on model-based clustering. The proposed method satisfies the requirements of -anonymity; in particular we use a variant of the -anonymity privacy model, namely probabilistic -anonymity, by incorporating constraints on cluster cardinality. Regarding data utility, for continuous attributes, we exactly preserve means and covariances of the original data, while approximately preserving higher-order moments and analyses on subdomains (defined by clusters and cluster combinations). For both continuous and categorical data, our experiments with medical data sets show that, from the point of view of data utility, local synthesis compares very favorably with other methods of disclosure limitation including the sequential regression approach for synthetic data generation.