Enhancing the Utility of Anonymized Data by Improving the Quality of Generalization Hierarchies
Vanessa Ayala-Rivera(a),(*), Patrick McDonagh(b), Thomas Cerqueus(c), Liam Murphy(a), Christina Thorpe(a)
Transactions on Data Privacy 10:1 (2017) 27 - 59
(a) Lero@UCD, School of Computer Science, University College Dublin, Ireland.
(b) CTO Reliability and Eco-Environmental Engineering Team, Alcatel-Lucent, Blanchardstown, D15, Ireland.
(c) R and D team, Lengow, Nantes, France.
e-mail:vanessa.ayala-rivera @ucdconnect.ie; patrick.mcdonagh @alcatel-lucent.com; thomas.cerqueus @lengow.com; liam.murphy @ucd.ie; christina.thorpe @ucd.ie
The dissemination of textual personal information has become an important driver of innovation. However, due to the possible content of sensitive information, this data must be anonymized. A commonly-used technique to anonymize data is generalization. Nevertheless, its effectiveness can be hampered by the Value Generalization Hierarchies (VGHs) used as poorly-specified VGHs can decrease the usefulness of the resulting data. To tackle this problem, in our previous work we presented the Generalization Semantic Loss (GSL), a metric that captures the quality of categorical VGHs in terms of semantic consistency and taxonomic organization. We validated the accuracy of GSL using an intrinsic evaluation with respect to a gold standard ontology. In this paper, we extend our previous work by conducting an extrinsic evaluation of GSL with respect to the performance that VGHs have in anonymization (using data utility metrics). We show how GSL can be used to perform an a priori assessment of the VGHs' effectiveness for anonymization. In this manner, data publishers can quantitatively compare the quality of various VGHs and identify (before anonymization) those that better retain the semantics of the original data. Consequently, the utility of the anonymized datasets can be improved without sacrificing the privacy goal. Our results demonstrate the accuracy of GSL, as the quality of VGHs measured with GSL strongly correlates with the utility of the anonymized data. Results also show the benefits that an a priori VGH assessment strategy brings to the anonymization process in terms of time-savings and a reduction in the dependency on expert knowledge. Finally, GSL also proved to be lightweight in terms of computational resources.