Privacy preserving data anonymisation: an experimental examination of customer data for POPI compliance in South Africa

dc.contributor.advisor: Hutchison, Andrew
dc.contributor.author: Chetty, Nirvashnee
dc.date.accessioned: 2020-12-30T10:17:54Z
dc.date.available: 2020-12-30T10:17:54Z
dc.date.issued: 2020
dc.description.abstract: Data has become an essential commodity in this day and age. Organisations want to share the massive amounts of data that they collect as a way to leverage and grow their businesses. On the other hand, the need to maintain privacy is critical in order to avoid the release of sensitive information. This has been shown to be a constant challenge, namely the trade-off between preserving privacy and data utility [1]. This study performs an evaluation of privacy models together with their relevant tools and techniques to ascertain whether data can be anonymised in such a way that it can be in compliance with the Protection of Personal Information (POPI) Act and preserve the privacy of individuals. The results of this research should provide a practical solution for organisations in South Africa to adequately anonymise customer data to ensure POPI Act compliance with the use of a software tool. An experimental environment was set up with the ARX de-identification tool as the tool of choice to implement the privacy models. Two privacy models, namely k-anonymity and l-diversity, were tested on a publicly available data set. Data quality models as well as privacy risk measures were implemented. The results of the study showed that when taking both data utility and privacy risks into consideration, neither privacy model was the clear winner. The k-anonymity privacy model was a better choice for data utility, whereas the l-diversity privacy model was a better choice for privacy preservation by reducing re-identification risks. Therefore, in relation to the aim of the study, which is to compare the results of data anonymisation to ensure that data privacy needs are met more than data utility, the result showed that the l-diversity privacy model was the preferred model.
Finally, considering that the POPI Act is still awaiting the final step to be promulgated, there is time to conduct further experiments in the various ways to practically implement and apply data anonymisation techniques in the day-to-day processing of data and information in South Africa.
dc.identifier.apacitation: Chetty, N. (2020). Privacy preserving data anonymisation: an experimental examination of customer data for POPI compliance in South Africa. (Master Thesis). University of Cape Town. Retrieved from http://hdl.handle.net/11427/32448 (en_ZA)
dc.identifier.chicagocitation: Chetty, Nirvashnee. "Privacy preserving data anonymisation: an experimental examination of customer data for POPI compliance in South Africa." Master Thesis, University of Cape Town, 2020. http://hdl.handle.net/11427/32448 (en_ZA)
dc.identifier.citation: Chetty, N. 2020. Privacy preserving data anonymisation: an experimental examination of customer data for POPI compliance in South Africa. Master Thesis. University of Cape Town. http://hdl.handle.net/11427/32448 (en_ZA)
dc.identifier.uri: http://hdl.handle.net/11427/32448
dc.identifier.vancouvercitation: Chetty N. Privacy preserving data anonymisation: an experimental examination of customer data for POPI compliance in South Africa. [Master Thesis]. University of Cape Town, 2020 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/32448 (en_ZA)
dc.language.iso: eng
dc.publisher: University of Cape Town
dc.publisher.department: Department of Computer Science
dc.publisher.faculty: Faculty of Science
dc.subject.other: Computer Science
dc.subject.other: Data Anonymisation
dc.title: Privacy preserving data anonymisation: an experimental examination of customer data for POPI compliance in South Africa
dc.type: Master Thesis
dc.type.qualificationlevel: Masters
dc.type.qualificationname: MSc
uct.type.publication: Research
uct.type.resource: Master Thesis
Files
Original bundle
Name: thesis_sci_2020_chetty_nirvashnee.pdf
Size: 3.17 MB
Format: Adobe Portable Document Format