Differentially Private Profiling of Anonymized Customer Purchase Records

Abstract

In assessing accurately the risk of being compromised, anonymized data must consider the balance between utility and security. In this paper, we propose a new model for profiling customer purchase records. Our model uses a fixed-size vector that indicates the set of all goods that a customer has purchased. Aggregating all records for n customers gives a profile matrix for a customer base. Our interest is in assessing the risk of re-identification by an adversary who has access to the profile matrix as an adversarial knowledge. To evaluate the privacy budget of the differential privacy, we estimate the probability that a dataset has a profile under some reasonable assumptions. This profile probability allows us to estimate not only the privacy of the profile, but also its utility in the form of its mean absolute error. We have examined the privacy gain expected by performing representative anonymizations, including top/bottom coding, sampling/suppression, and generalization (the fundamental techniques in k-anonymity). These anonymization are modeled by means of simple factors, which allow us to estimate the privacy loss and the mean absolute error under the assumption that the profile’s bit errors occur as a sum of independent and identically distributed random variables characterized by the number of records.