Fatemeh Amiri, David Sánchez, Josep Domingo-Ferrer
Enhancing efficiency and data utility in longitudinal data anonymization
Information Sciences, volume 704, Article 121949. Published 2025-02-06. DOI: 10.1016/j.ins.2025.121949
https://www.sciencedirect.com/science/article/pii/S0020025525000817
Impact factor: 8.1. JCR category: Computer Science, Information Systems.
Citations: 0
Abstract
Longitudinal data consist of observations collected over time from a set of individuals. The accumulation of information on each individual over time makes longitudinal data particularly privacy-sensitive. However, existing anonymization methods are often inadequate for ensuring privacy-preserving publication of such data, as current privacy models assume unrealistic levels of attacker knowledge. To address this, we propose the $(k,\beta)^{L}$-privacy model, which assumes that an attacker's knowledge is limited to a subsequence of L quasi-identifiers. This provides a more realistic representation of the information an attacker might actually possess. Our model guarantees that every subsequence of L quasi-identifier values appears in either zero or at least k records within the longitudinal database. Additionally, it ensures that the confidence of any sensitive value within these k records is at most β times higher than its confidence in the entire dataset. This not only strengthens privacy protection but also enhances data utility.
Furthermore, we introduce FCLA, an anonymization algorithm designed to enforce our privacy model while prioritizing data utility. FCLA effectively mitigates identity and attribute disclosures, as well as skewness attacks in longitudinal data. It achieves this by partitioning sequences into groups and anonymizing them independently—a process that can be efficiently parallelized. Experimental results show that FCLA outperforms existing methods in preserving data utility while adhering to strict privacy constraints. Additionally, time complexity analysis and execution time measurements demonstrate that FCLA is more efficient and scalable than alternative approaches.
About the journal:
Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions.
Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.