Incremental k-Anonymous Microaggregation in Large-Scale Electronic Surveys with Optimized Scheduling

Improvements in technology have led to enormous volumes of detailed personal information made available for any number of statistical studies. This has stimulated the need for anonymization techniques striving to attain a difficult compromise between the usefulness of the data and the protection of our privacy. The k-anonymous microaggregation permits releasing a dataset where each person remains indistinguishable from other k - 1 individuals, through the aggregation of demographic attributes, otherwise a potential culprit for respondent reidentification. Although privacy guarantees are by no means absolute, the elegant simplicity of the k-anonymity criterion and the excellent preservation of information utility of microaggregation algorithms has turned them into widely popular approaches whenever data utility is critical. Unfortunately, high-utility algorithms on large datasets inherently require extensive computation. This paper addresses the need of running k-anonymous microaggregation efficiently with mild distortion loss, exploiting the fact that the data may arrive over an extended period of time. Specifically, we propose to split the original dataset into two portions that will be processed subsequently, allowing the first process to start before the entire dataset is received while leveraging the superlinearity of the involved microaggregation algorithms. A detailed mathematical formulation enables us to calculate the optimal time for the fastest anonymization as well as for minimum distortion under a given deadline. Two incremental microaggregation algorithms are devised, for which extensive experimentation is reported. The presented theoretical methodology should prove invaluable in numerous data-collection applications, including large-scale electronic surveys in which computation is possible as the data come in.