Towards Utility-driven Anonymization of Transactions

Publishing person-specific transactions in an anonymous form is increasingly required by organizations. Recent approaches ensure that potentially identifying information (e.g., a set of diagnosis codes) cannot be used to link published transactions to persons' identities, but all are limited in application because they incorporate coarse privacy requirements (e.g., protecting a certain set of m diagnosis codes requires protecting all m-sized sets), do not integrate utility requirements, and tend to explore a small portion of the solution space. In this paper, we propose a more general framework for anonymizing transactional data under specific privacy and utility requirements. We model such requirements as constraints, investigate how these constraints can be specified, and propose COAT (COnstraint-based Anonymization of Transactions), an algorithm that anonymizes transactions using a flexible hierarchy-free generalization scheme to meet the specified constraints. Experiments with benchmark datasets verify that COAT significantly outperforms the current state-of-the-art algorithm in terms of data utility, while being comparable in terms of efficiency. The effectiveness of our approach is also demonstrated in a real-world scenario, which requires disseminating a private, patient-specific transactional dataset in a way that preserves both privacy and utility in intended studies.