Mervinskiy 351


59/72 111972/2020/CL&ES

Appendix 3: Primer on Anonymity

A primer on anonymisation techniques is provided here. Some of these techniques are academic pursuits and some of them are methods already used in industry tools.

1. K-anonymity [44]

i. A release of data is said to have the k-anonymity property if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release [45]. This is one of the oldest and most popular techniques for structured data.

2. L-diversity [46]

i. The l-diversity model is an extension of the k-anonymity model, which reduces the granularity of data representation using techniques including generalization and suppression such that any given record maps onto at least k-1 other records in the data. The l-diversity model handles some of the weaknesses in the k-anonymity model, where protecting identities to the level of k individuals is not equivalent to protecting the corresponding sensitive values that were generalized or suppressed, especially when the sensitive values within a group exhibit homogeneity. The l-diversity model adds the promotion of intra-group diversity for sensitive values in the anonymization mechanism [47].

3. T-closeness [48]

i. An equivalence class is said to have t-closeness if the distance between the distribution of a sensitive attribute in this class and the distribution of the attribute in the whole table is no more than a threshold t. A table is said to have t-closeness if all equivalence classes have t-closeness [49].

4. Diffix (High-Utility Database Anonymization) [50]

i. Diffix acts as an SQL proxy between the analyst and an unmodified live database. Diffix adds a minimal amount of noise to answers—Gaussian with a standard deviation of only two for counting queries—and places no limit on the number of

[44] http://dataprivacylab.org/dataprivacy/projects/kanonymity/kanonymity.pdf
[45] https://en.wikipedia.org/wiki/K-anonymity
[46] Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venkitasubramaniam. 2007. L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1, 1, Article 3 (March 2007). DOI=http://dx.doi.org/10.1145/1217299.1217302 https://personal.utdallas.edu/~muratk/courses/privacy08f_files/ldiversity.pdf
[47] https://en.wikipedia.org/wiki/L-diversity
[48] N. Li, T. Li and S. Venkatasubramanian, "t-Closeness: Privacy Beyond k-Anonymity and l-Diversity," 2007 IEEE 23rd International Conference on Data Engineering, Istanbul, 2007, pp. 106-115. doi: 10.1109/ICDE.2007.367856 https://www.cs.purdue.edu/homes/ninghui/papers/t_closeness_icde07.pdf
[49] https://en.wikipedia.org/wiki/T-closeness
[50] https://aircloak.com/wp-content/uploads/Diffix-High-Utility-Database-Anonymization.pdf
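The following is an added example, not part of the report or of any cited tool: it measures the k, l and t that a release actually satisfies under the k-anonymity, l-diversity and t-closeness definitions above, on a table that is 3-anonymous yet contains a homogeneous class. The column names, the constructed rows, the use of distinct-value counting for l and of total variation distance for t are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample release (not real data): quasi-identifiers are already
# generalised (ZIP prefix, age band); "diagnosis" is the sensitive attribute.
ROWS = [
    {"zip": "476**", "age": "20-29", "diagnosis": "flu"},
    {"zip": "476**", "age": "20-29", "diagnosis": "flu"},
    {"zip": "476**", "age": "20-29", "diagnosis": "flu"},
    {"zip": "479**", "age": "40-49", "diagnosis": "cancer"},
    {"zip": "479**", "age": "40-49", "diagnosis": "flu"},
    {"zip": "479**", "age": "40-49", "diagnosis": "asthma"},
]


def equivalence_classes(rows, quasi_ids):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for row in rows:
        classes[tuple(row[q] for q in quasi_ids)].append(row)
    return classes


def distribution(rows, sensitive):
    """Relative frequency of each sensitive value in a set of rows."""
    counts = Counter(row[sensitive] for row in rows)
    return {value: n / len(rows) for value, n in counts.items()}


def privacy_metrics(rows, quasi_ids, sensitive):
    """Return the (k, l, t) that the release as a whole satisfies."""
    if not rows:
        raise ValueError("empty release")
    classes = equivalence_classes(rows, quasi_ids)
    overall = distribution(rows, sensitive)
    # k: size of the smallest equivalence class.
    k = min(len(group) for group in classes.values())
    # l (assumption: distinct l-diversity): fewest distinct sensitive
    # values found in any class; l == 1 means a homogeneous class.
    l_div = min(len({r[sensitive] for r in g}) for g in classes.values())
    # t (assumption: total variation distance as the distance measure):
    # largest gap between a class distribution and the whole table.
    t = 0.0
    for group in classes.values():
        local = distribution(group, sensitive)
        gap = 0.5 * sum(abs(local.get(v, 0.0) - p) for v, p in overall.items())
        t = max(t, gap)
    return k, l_div, t


if __name__ == "__main__":
    print(privacy_metrics(ROWS, ["zip", "age"], "diagnosis"))
```

Here k = 3 looks acceptable on its own, but l = 1 shows that anyone known to be in the first class is revealed to have flu, which is the homogeneity weakness l-diversity addresses.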
