Randomized addition of sensitive attributes for l-diversity

When a data holder wants to share databases that contain personal attributes, individual privacy needs to be considered. Existing anonymization techniques, such as l-diversity, remove identifiers and generalize quasi-identifiers (QIDs) from the database to ensure that adversaries cannot specify each individual´s sensitive attributes. Usually, the database is anonymized based on one-size-fits-all measures. Therefore, it is possible that several QIDs that a data user focuses on are all generalized, and the anonymized database has no value for the user. Moreover, if a database does not satisfy the eligibility requirement, we cannot anonymize it by existing methods. In this paper, we propose a new technique for l-diversity, which keeps QIDs unchanged and randomizes sensitive attributes of each individual so that data users can analyze it based on QIDs they focus on and does not require the eligibility requirement. Through mathematical analysis and simulations, we will prove that our proposed method for l-diversity can result in a better tradeoff between privacy and utility of the anonymized database.