Encyclopedia of Database Systems

Living Edition
| Editors: Ling Liu, M. Tamer Özsu


  • Josep Domingo-FerrerEmail author
Living reference work entry
DOI: https://doi.org/10.1007/978-1-4899-7993-3_1503-2



A protected dataset is said to satisfy k-anonymity for k > 1 if, for each combination of key attribute values (e.g., address, age, gender, etc.), at least k records exist in the dataset sharing that combination [2, 3].

Key Points

If, for a given k, k-anonymity is assumed to be sufficient protection, one can concentrate on minimizing information loss with the only constraint that k-anonymity should be satisfied. This is a clean way of solving the tension between data protection and data utility. Since k-anonymity is usually achieved via generalization (equivalent to global recoding, as said above) and local suppression, minimizing information loss usually translates to reducing the number and/or the magnitude of suppressions.

k-Anonymity bears some resemblance to the underlying principle of microaggregation and is a useful concept because quasi-identifiers are usually categorical or can be categorized, i.e., they take values in a finite (and ideally reduced) range. However, re-identification is not necessarily based on categorical key attributes: sometimes, numerical outcome attributes (which are continuous and often cannot be categorized) give enough clues for re-identification. Microaggregation was suggested as a possible way to achieve k-anonymity for numerical, ordinal and nominal attributes [1].

p-Sensitive k-anonymity is a stronger property whereby it is required that a dataset is k-anonymous and additionally that there are at least p distinct values for each confidential attribute within a group of records sharing a combination of key attributes [4].


Recommended Reading

  1. 1.
    Domingo-Ferrer J, Torra V. Ordinal, continuous and heterogenerous k-anonymity through microaggregation. Data Mining Knowl Discov. 2005;11(2):195–212.MathSciNetCrossRefGoogle Scholar
  2. 2.
    Samarati P. Protecting respondents’ identities in microdata release. IEEE Trans Knowl Data Eng. 2001;13(6):1010–27.CrossRefGoogle Scholar
  3. 3.
    Samarati P, Sweeney L. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Technicalreport, SRI International; 1998.Google Scholar
  4. 4.
    Truta TM, Vinay B. Privacy protection: p-sensitivek-anonymity property. In: Proceedings of 2nd International Workshop on Privacy Data Management; 2006. p. 94.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Universitat Rovira i VirgiliTarragonaSpain

Section editors and affiliations

  • Elena Ferrari
    • 1
  1. 1.DiSTAUniv. of InsubriaVareseItaly