When confidential data is released for use, it needs to satisfy two conflicting goals: privacy (e.g. the minimum number of individuals to which a single individual can be related) and information utility (e.g. the precision and completeness of the data). Before a technique is used to anonymise data, the required minimum levels of privacy and information utility need to be determined. Ideally, both privacy and information utility levels should be maximised. However, the higher the required level of privacy, the lower the utility value of the released data.

Although different models and tools have been proposed to anonymise data, the models and tools can be used inefficiently. They can be used to anonymise data to a degree which is unnecessarily too high for a particular situation and environment in order to meet specific required privacy goal, which leads to unnecessary loss in information utility. Conversely, the use of the models and tools can also lead to data that is anonymised such that acceptable levels of information utility are achieved, but the data is anonymised to a degree far too low to meet the required privacy goals.

To date, no model or tool has been proposed that could be used to guide the selection of an appropriate level of privacy and information utility when releasing data for different uses, and which would be sufficiently formal and yet simple enough to use. Without such guidelines or tool to guide the selection of optimal levels of privacy and information utility (taking into account the purpose for which the released data will be used and in which type of environment), it is difficult to find a good balance between the two goals. This project aims to address this problem.

The primary objective of the project is to design and implement a data anonymisation process which:

• Determines the optimal levels of privacy and information utility that anonymised data should possess. The levels of privacy and information utility should be dependent on:
  • The type of data (content) being anonymised (e.g. medical or financial data),
  • The purpose for which the data will be used (e.g. the type of research and analysis work carried out based on the data),
  • The environment in which the data will be used
• Anonymises the data in such a way that the identified levels of privacy and information utility are achieved.

This objective will be achieved by:

1. Developing a model that will determine the optimal levels of privacy and information utility that anonymised data should possess, based on the type of data being anonymised, the purpose for which the data will be used, as well as the environment in which the data will be used.
   
2. Implementing the model in a data anonymisation tool, which can be integrated into any database system that requires the storage and analysis of anonymised data. The tool will implement the entire data anonymisation process, using the outputs of the formal model developed in (1) above to guide the anonymisation of data.
   

• Expertise in development / deployment / use of data anonymisation tools.
• Expertise in the processing and analysis of anonymised data.
• Expertise in the development and / or provision of information security tools / services (not limited to data privacy).
• Expertise in the development and / or provision of user authentication tools / services.

• Design and implementation of tools and services required to secure information (not limited to data privacy).
• Testing the applicability and practicality of the data anonymisation model and tool.
• Finding applications for the data anonymisation tool.

• Institutions that produce and / or process confidential data, e.g. hospitals, financial institutions.
• Statistical organisations.
• Other research / industry / academic institutions that can work on related security topics, such as Identity Management, User Authentication, Data Security.
• Organisations that would represent the end-users of this project, to test and evaluate the developed solution.