The book covers data privacy in depth with respect to data mining, test data management, synthetic data generation etc. It formalizes principles of data privacy that are essential for good anonymization design based on the data format and discipline. The principles outline best practices and reflect on the conflicting relationship between privacy and utility. From a practice standpoint, it provides practitioners and researchers with a definitive guide to approach anonymization of various data formats, including multidimensional, longitudinal, time-series, transaction, and graph data. In addition to helping CIOs protect confidential data, it also offers a guideline as to how this can be implemented for a wide range of data at the enterprise level. Cover 1 Half Title 2 Title Page 4 Copyright Page 5 Dedication 6 Contents 8 Preface 14 Acknowledgments 16 Authors 18 List of Abbreviations 20 1. Introduction to Data Privacy 22 1.1 Introduction 22 1.2 What Is Data Privacy and Why Is It Important? 24 1.2.1 Protecting Sensitive Data 26 1.2.2 Privacy and Anonymity: Two Sides of the Same Coin 29 1.3 Use Cases: Need for Sharing Data 30 1.3.1 Data Mining and Analysis 33 1.3.2 Software Application Testing 34 1.3.3 Business Operations 34 1.4 Methods of Protecting Data 35 1.5 Importance of Balancing Data Privacy and Utility 36 1.5.1 Measuring Privacy of Anonymized Data 39 1.5.2 Measuring Utility of Anonymized Data 40 1.6 Introduction to Anonymization Design Principles 40 1.7 Nature of Data in the Enterprise 42 1.7.1 Multidimensional Data 42 1.7.1.1 Challenges in Privacy Preservation of Multidimensional Data 43 1.7.2 Transaction Data 43 1.7.2.1 Challenges in Privacy Preservation of Transaction Data 44 1.7.3 Longitudinal Data 44 1.7.3.1 Challenges in Anonymizing Longitudinal Data 45 1.7.4 Graph Data 45 1.7.4.1 Challenges in Anonymizing Graph Data 47 1.7.5 Time Series Data 47 1.7.5.1 Challenges in Privacy Preservation of Time Series Data 48 References 48 2. Static Data Anonymization Part I: Multidimensional Data 50 2.1 Introduction 50 2.2 Classification of Privacy Preserving Methods 50 2.3 Classification of Data in a Multidimensional Data Set 52 2.3.1 Protecting Explicit Identifiers 52 2.3.2 Protecting Quasi-Identifiers 55 2.3.2.1 Challenges in Protecting QI 56 2.3.3 Protecting Sensitive Data (SD) 59 2.4 Group-Based Anonymization 63 2.4.1 k-Anonymity 63 2.4.1.1 Why k-Anonymization? 63 2.4.1.2 How to Generalize Data? 68 2.4.1.3 Implementing k-Anonymization 73 2.4.1.4 How Do You Select the Value of k? 75 2.4.1.5 Challenges in Implementing k-Anonymization 76 2.4.1.6 What Are the Drawbacks of k-Anonymization? 78 2.4.2 l-Diversity 79 2.4.2.1 Drawbacks of l-Diversity 80 2.4.3 t-Closeness 81 2.4.3.1 What Is t-Closeness? 81 2.4.4 Algorithm Comparison 81 2.5 Summary 83 References 84 3. Static Data Anonymization Part II: Complex Data Structures 86 3.1 Introduction 86 3.2 Privacy Preserving Graph Data 87 3.2.1 Structure of Graph Data 87 3.2.2 Privacy Model for Graph Data 88 3.2.2.1 Identity Protection 89 3.2.2.2 Content Protection 90 3.2.2.3 Link Protection 90 3.2.2.4 Graph Metrics 92 3.3 Privacy Preserving Time Series Data 92 3.3.1 Challenges in Privacy Preservation of Time Series Data 94 3.3.1.1 High Dimensionality 94 3.3.1.2 Background Knowledge of the Adversary 95 3.3.1.3 Pattern Preservation 95 3.3.1.4 Preservation of Statistical Properties 95 3.3.1.5 Preservation of Frequency-Domain Properties 96 3.3.2 Time Series Data Protection Methods 96 3.3.2.1 Additive Random Noise 97 3.3.2.2 Perturbation of Time Series Data Using Generalization: k-Anonymization 99 3.4 Privacy Preservation of Longitudinal Data 100 3.4.1 Characteristics of Longitudinal Data 101 3.4.1.1 Challenges in Anonymizing Longitudinal Data 101 3.5 Privacy Preservation of Transaction Data 102 3.6 Summary 104 References 104 4. Static Data Anonymization Part III: Threats to Anonymized Data 106 4.1 Threats to Anonymized Data 106 4.2 Threats to Data Structures 110 4.2.1 Multidimensional Data 113 4.2.2 Longitudinal Data 113 4.2.3 Graph Data 114 4.2.4 Time Series Data 114 4.2.5 Transaction Data 115 4.3 Threats by Anonymization Techniques 116 4.3.1 Randomization (Additive) 117 4.3.2 k-Anonymization 117 4.3.3 l-Diversity 117 4.3.4 t-Closeness 117 4.4 Summary 117 References 118 5. Privacy Preserving Data Mining 120 5.1 Introduction 120 5.2 Data Mining: Key Functional Areas of Multidimensional Data 121 5.2.1 Association Rule Mining 121 5.2.1.1 Privacy Preserving of Association Rule Mining: Random Perturbation 123 5.2.2 Clustering 125 5.2.2.1 A Brief Survey of Privacy Preserving Clustering Algorithms 127 5.3 Summary 129 References 129 6. Privacy Preserving Test Data Manufacturing 130 6.1 Introduction 130 6.2 Related Work 131 6.3 Test Data Fundamentals 131 6.3.1 Testing 132 6.3.1.1 Functional Testing: System and Integration Testing 132 6.3.1.2 Nonfunctional Testing 132 6.3.2 Test Data 132 6.3.2.1 Test Data and Reliability 133 6.3.2.2 How Are Test Data Created Today? 135 6.3.3 A Note on Subsets 136 6.4 Utility of Test Data: Test Coverage 136 6.4.1 Privacy versus Utility 138 6.4.2 Outliers 139 6.4.3 Measuring Test Coverage against Privacy 140 6.5 Privacy Preservation of Test Data 140 6.5.1 Protecting Explicit Identifiers 140 6.5.1.1 Essentials of Protecting EI 141 6.5.1.2 What Do Tools Offer? 142 6.5.1.3 How Do Masking Techniques Affect Testing? 142 6.5.2 Protecting Quasi-Identifiers 145 6.5.2.1 Essentials of Protecting QI 145 6.5.2.2 Tool Offerings to Anonymize QI 146 6.5.2.3 How Does QI Anonymization Affect Test Coverage? 147 6.5.3 Protecting Sensitive Data (SD) 151 6.6 Quality of Test Data 151 6.6.1 Lines of Code Covered 152 6.6.2 Query Ability 153 6.6.3 Time for Testing 154 6.6.3.1 Test Completion Criteria 154 6.6.3.2 Time Factor 155 6.6.4 Defect Detection 156 6.7 Anonymization Design for PPTDM 156 6.8 Insufficiencies of Anonymized Test Data 158 6.8.1 Negative Testing 158 6.8.2 Sensitive Domains 158 6.8.3 Nonfunctional Testing 159 6.8.4 Regression Testing 159 6.8.5 Trust Deficit 159 6.9 Summary 159 References 160 7. Synthetic Data Generation 162 7.1 Introduction 162 7.2 Related Work 162 7.3 Synthetic Data and Their Use 163 7.4 Privacy and Utility in Synthetic Data 165 7.4.1 Explicit Identifiers 165 7.4.1.1 Privacy 165 7.4.1.2 Utility 166 7.4.1.3 Generation Algorithms 166 7.4.2 Quasi-Identifiers 166 7.4.2.1 Privacy 167 7.4.2.2 Utility 167 7.4.2.3 Generation Algorithms 168 7.4.3 Sensitive Data 169 7.4.3.1 Privacy 169 7.4.3.2 Utility 169 7.5 How Safe Are Synthetic Data? 172 7.5.1 Testing 172 7.5.1.1 Error and Exception Data 173 7.5.1.2 Scaling 173 7.5.1.3 Regression Testing 173 7.5.2 Data Mining 173 7.5.3 Public Data 173 7.6 Summary 174 References 174 8. Dynamic Data Protection: Tokenization 176 8.1 Introduction 176 8.2 Revisiting the Definitions of Anonymization and Privacy 176 8.3 Understanding Tokenization 178 8.3.1 Dependent Tokenization 178 8.3.2 Independent Tokenization 180 8.4 Use Cases for Dynamic Data Protection 180 8.4.1 Business Operations 181 8.4.2 Ad Hoc Reports for Regulatory Compliance 182 8.5 Benefits of Tokenization Compared to Other Methods 182 8.6 Components for Tokenization 183 8.6.1 Data Store 183 8.6.2 Tokenization Server 184 8.7 Summary 184 Reference 184 9. Privacy Regulations 186 9.1 Introduction 186 9.2 UK Data Protection Act 1998 188 9.2.1 Definitions 188 9.2.2 Problems in DPA 189 9.3 Federal Act of Data Protection of Switzerland 1992 192 9.3.1 Storing Patients’ Records in the Cloud 192 9.3.2 Health Questionnaires for Job Applicants 192 9.3.3 Transferring Pseudonymized Bank Customer Data Outside Switzerland 193 9.4 Payment Card Industry Data Security Standard (PCI DSS) 193 9.5 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) 195 9.5.1 Effects of Protection 197 9.5.2 Anonymization Considerations 197 9.5.2.1 Record Owner 198 9.5.2.2 Business Associate 199 9.5.3 Anonymization Design for HIPAA 199 9.5.4 Notes on EIs, QIs, and SD 202 9.5.4.1 Explicit Identifiers 202 9.5.4.2 Quasi-Identifiers 203 9.5.4.3 Sensitive Data 203 9.6 Anonymization Design Checklist 203 9.7 Summary 206 9.8 Points to Ponder 206 References 206 Appendix A: Anonymization Design Principles for Multidimensional Data 210 Appendix B: PPTDM Manifesto 228 Index 230 Content: "A Chapman & Hall Book" -- cover. 1. Introduction to data privacy -- 2. Static data anonymization part I : multidimensional data -- 3. Static data anonymization part II : complex data structures -- 4. Static data anonymization part III : threats to anonymiized data -- 5. Privacy preserving data mining -- 6. Privacy preserving test data manufacturing -- 7. Synthetic data generation -- 8. Dynamic data protection : tokenization -- 9. Privacy regulations.