Using Boolean reasoning to anonymize databases

This paper investigates how Boolean reasoning can be used to make the recor ds in a database anonymous. In a medical setting, this is of particular int erest due to privacy issues and to prevent the possible misuse of confident ial information. As electronic medical records and medical data repositorie s get more common and widespread, the issue of making sensitive data anonym ous becomes increasingly important. A theoretically well-founded algorithm is proposed that via cell suppression can be used to make a database anonym ous before releasing or sharing it to the outside world. The degree of anon ymity can be tailored according to the specific needs of the recipient, and according to the amount of trust we place in the recipient. Furthermore, t he required measure of anonymity can be specified as far down as to the ind ividual objects in the database. The algorithm can also be used for anonymi zation relative to a particular piece of information, effectively blocking deterministic inferences about sensitive database fields. (C) 1994 Elsevier Science B.V. All rights reserved.