JP5452187B2 - Public information privacy protection device, public information privacy protection method and program - Google Patents

Description

  The present invention relates to a privacy protection device for public information such as medical information, a privacy protection method for public information, and a program.

  Conventionally, statistical processing is performed based on a lot of data, for example, information such as age, gender, region, and race that are likely to cause a specific disease is widely disclosed, its trend analysis is performed, and it is used for countermeasures There is a case.

  However, when publishing data, since it is necessary to carefully protect the privacy so that the owner of the data is not specified, it is necessary to perform data transformation processing. Therefore, many techniques related to data transformation processing for protecting privacy have been disclosed so far (see, for example, Non-Patent Document 1).

B. Fung and K.K. Wang and P.W. Yu, “Top-down specialization for information and privacy preservation” Proc of ICDE 2005 pp. 205-216

  However, in the conventional methods, all data is treated equally to satisfy the optimal k-anonymity, but there is a problem that information required by the data user is lost.

  Therefore, the present invention has been made in view of the above-mentioned problems, and when data is processed, a priority order is set for each data, and the data user evaluates the deformed data using a function. It is an object of the present invention to provide a public information privacy protection device, a public information privacy protection method, and a program that hold as much information as possible.

  The inventor has proposed the following matters in order to solve the above problems. In addition, in order to make an understanding easy, although the code | symbol corresponding to embodiment of this invention is attached | subjected and demonstrated, it is not limited to this.

  (1) The present invention is a public information privacy protection device for processing data and protecting the privacy of the information to be disclosed. In consideration of the requirements of the user who uses the public information, Setting means for setting priority (weighting) for each attribute (for example, equivalent to the setting unit 2 in FIG. 1) and calculation for calculating evaluation points of each data based on the set priority (weighting) Means (for example, equivalent to the calculation unit 3 in FIG. 1) and processing method selection means (for example, the processing method selection unit in FIG. 1) for selecting a data processing method that minimizes the decrease in the calculated evaluation points. 4) and a data processing means (for example, corresponding to the processing unit 5 in FIG. 1) for processing data by the selected processing method. Proposal To have.

  According to this invention, the setting means sets the priority (weighting) for each attribute of the data in consideration of the requirements of the user who uses the public information. The calculation means calculates an evaluation point for each data based on the set priority (weighting). The processing method selection means selects a data processing method that minimizes the calculated decrease in evaluation points. The data processing means processes data using the selected processing method. Therefore, by setting the priority order for each data when processing the data, by evaluating the data deformed using a function to which a bottom-up process is applied, while maintaining as much information as required by the data user, Prevent data loss.

  (2) In the privacy protection device for public information according to (1), the processing method selection means selects a data processing method using bottom-up processing, and privacy protection for public information is provided. A device is proposed.

  According to this invention, the processing method selection means selects a data processing method using bottom-up processing. That is, in the bottom-up process, the same data is collected for each attribute, the sort process and the grouping process are performed, the number of attribute values of each attribute is calculated, and the evaluation point is calculated. Then, based on the set priority information (weighting) and k-anonymity determination, an attribute and a group to be processed are selected, and a decrease in evaluation points due to the processing is calculated. Since the processing is performed and the determination of k-anonymity is performed based on the processing result of the entire data set, information required by the data user is retained as much as possible, and data loss is prevented.

  (3) In the privacy protection device for public information according to (1), the data processing means satisfies the k-anonymity from the lowest priority (weighting) set in the setting means. We have proposed a privacy protection device for public information characterized by processing.

  According to this invention, the data processing means performs processing from the lowest priority (weighting) set in the setting means until k-anonymity is satisfied. Thus, by directly preventing a user from being identified by combining a plurality of pieces of information having low relevance with the user, information required by the data user can be retained as much as possible.

  (4) According to the privacy protection device for public information of (1), the present invention classifies each attribute of data into important information (Sensitive Information), quasi-identifier (Quasi-Identifier), and information to be deleted (for example, , Which corresponds to the classification unit 1 in FIG. 1), has been proposed.

  According to this invention, the classification means classifies each attribute of the data into important information (Sensitive Information), a quasi-identifier (Quasi-Identifier), and information to be deleted. Therefore, it is possible to eliminate information that can identify the user, and to reduce the relevance of the information and prevent the user from being identified by combining a plurality of pieces of information.

  (5) In the privacy protection device for public information of (4), the present invention does not process the important information (Sensitive Information), and the information to be deleted is automatically processed at the time of processing. It proposes a privacy protection device for public information, which is characterized by being deleted.

  According to the present invention, the important information (Sensitive Information) is not a target of processing, and the information to be deleted is automatically deleted at the time of processing. Thereby, it is possible to protect the privacy by excluding information that can directly identify the user, and to disclose important information.

  (6) In the privacy protection device for public information according to (1), the calculation unit multiplies the number of types of attribute values possessed by each attribute by the priority (weighting) set in the setting unit. An apparatus for protecting privacy of public information, characterized in that the evaluation points are calculated, is proposed.

  According to this invention, the calculation means calculates the evaluation point by multiplying the number of types of attribute values possessed by each attribute by the priority (weight) set in the setting means. Therefore, the higher the number of attribute value types and the higher the priority (weighting), the higher the probability that the original information is retained.

  (7) The present invention is a public information privacy protection device for processing data and protecting the privacy of the information to be disclosed. In consideration of the requirements of the user who uses the public information, Setting means for setting priority (weighting) for each attribute; calculation means for calculating evaluation points for each data based on the set priority (weighting); and increments of the calculated evaluation points An apparatus for protecting privacy of public information, comprising: a processing method selecting unit that selects a data processing method that maximizes data; and a data processing unit that processes data using the selected processing method. is suggesting.

  According to this invention, the setting means sets the priority (weighting) for each attribute of the data in consideration of the requirements of the user who uses the public information. The calculation means calculates an evaluation point for each data based on the set priority (weighting). The processing method selection means selects a data processing method that maximizes the calculated increase in evaluation points. The data processing means processes data using the selected processing method. Therefore, by setting the priority order for each data when processing the data and evaluating the deformed data using a function to which the top-down processing is applied, the information required by the data user is retained as much as possible, Prevent data loss.

  (8) The present invention provides a privacy protection method for public information in a public information privacy protection apparatus for processing data and protecting the privacy of the information to be disclosed, and is a requirement of a user who uses the public information In consideration of the above, a first step (for example, equivalent to step S201 in FIG. 5) for setting the priority (weighting) for each attribute of the data, and each priority based on the set priority (weighting) A second step (for example, corresponding to step S202 in FIG. 5) for calculating data evaluation points and a third step for selecting a data processing method that minimizes the decrease in the calculated evaluation points ( For example, this corresponds to step S203 in FIG. 5 and a fourth step (for example, step S204 in FIG. 5) for processing the data by the selected processing method. Proposes a privacy protection method for public information, characterized in that it comprises a considerable), the.

  According to the present invention, the priority (weighting) is set for each attribute of the data in consideration of the requirements of the user who uses the public information, and each data is set based on the set priority (weighting). The evaluation point is calculated. Then, a data processing method is selected such that the calculated reduction in the evaluation points is minimized, and the data is processed by the selected processing method. Therefore, by setting priorities for each data when processing the data and evaluating the transformed data using the function, the information required by the data user is retained as much as possible and data loss is prevented. .

  (9) The present invention is a bottom-up processing method for selecting a method for processing data, and includes a first step (for example, a diagram) for collecting the same data for each attribute and performing a sorting process and a grouping process. 4 (corresponding to step S101 in FIG. 4), a second step (for example, corresponding to step S102 in FIG. 4) for calculating the number of attribute values of each attribute, and a third step (for example in FIG. 4) for calculating evaluation points. Step S103), the set priority information (weighting), and the k-anonymity determination are used to select the attribute and group to be processed, and the evaluation point reduction due to the processing is calculated. Based on the fourth step (e.g., corresponding to step S104 in FIG. 4) and the selected group, and k− Fifth step for judging name (e.g., corresponding to step S105 in FIG. 4) proposes a bottom-up processing method characterized by comprising a, a.

  According to the present invention, the same data is collected for each attribute, the sorting process and the grouping process are performed, the number of attribute values of each attribute is calculated, and the evaluation point is calculated. Then, based on the set priority information (weighting) and k-anonymity determination, an attribute and a group to be processed are selected, and a decrease in evaluation points due to the processing is calculated. Processing is performed, and k-anonymity is determined based on the processing result of the entire data set. Therefore, the information required by the data user is retained as much as possible, and data loss is prevented.

  (10) The present invention is a privacy protection method for public information in a public information privacy protection apparatus for processing data and protecting privacy for public information, and is a requirement for a user who uses public information In consideration of the above, the first step of setting the priority (weighting) for each attribute of the data, and the second step of calculating the evaluation point of each data based on the set priority (weighting) And a third step of selecting a data processing method that maximizes the calculated increase in the evaluation points, and a fourth step of processing data by the selected processing method. We have proposed a privacy protection method for public information.

  According to this invention, the setting means sets the priority (weighting) for each attribute of the data in consideration of the requirements of the user who uses the public information. The calculation means calculates an evaluation point for each data based on the set priority (weighting). The processing method selection means selects a data processing method that maximizes the calculated increase in evaluation points. The data processing means processes data using the selected processing method. Therefore, by setting the priority order for each data when processing the data and evaluating the deformed data using a function to which the top-down processing is applied, the information required by the data user is retained as much as possible, Prevent data loss.

  (11) The present invention is a program for causing a computer to execute a privacy protection method for public information in a public information privacy protection device for processing data and protecting privacy for public information. The first step (for example, corresponding to step S201 in FIG. 5) for setting the priority (weighting) for each attribute of the data in consideration of the requirements of the user using the data, and the set priority A second step (for example, corresponding to step S202 in FIG. 5) for calculating evaluation points for each data based on (weighting), and a data processing method that minimizes the decrease in the calculated evaluation points A third step (for example, corresponding to step S203 of FIG. 5) and a second step of processing data by the selected processing method Step (e.g., corresponding to step S204 of FIG. 5) proposes a program for executing a, to the computer.

  According to the present invention, the priority (weighting) is set for each attribute of the data in consideration of the requirements of the user who uses the public information, and each data is set based on the set priority (weighting). The evaluation point is calculated. Then, a data processing method is selected such that the calculated reduction in the evaluation points is minimized, and the data is processed by the selected processing method. Therefore, by setting priorities for each data when processing the data and evaluating the transformed data using the function, the information required by the data user is retained as much as possible and data loss is prevented. .

  (12) The present invention is a program for causing a computer to execute a bottom-up processing method for selecting a method for processing data, and collects the same data for each attribute and performs sort processing and grouping processing. A first step (for example, corresponding to step S101 in FIG. 4), a second step for calculating the number of attribute values of each attribute (for example, corresponding to step S102 in FIG. 4), and a first step for calculating evaluation points Based on the step 3 (e.g., corresponding to step S103 in FIG. 4), the set priority information (weighting), and k-anonymity determination, the attribute and group to be processed are selected and processed. A fourth step (for example, equivalent to step S104 in FIG. 4) for calculating the reduction amount of the evaluation points, and processing is performed in the selected group Based on the data set overall processing result, k-fifth step of performing the anonymity of determination (e.g., corresponding to step S105 in FIG. 4) has proposed a program for executing a, to the computer.

  According to the present invention, the same data is collected for each attribute, the sorting process and the grouping process are performed, the number of attribute values of each attribute is calculated, and the evaluation point is calculated. Then, based on the set priority information (weighting) and k-anonymity determination, an attribute and a group to be processed are selected, and a decrease in evaluation points due to the processing is calculated. Processing is performed, and k-anonymity is determined based on the processing result of the entire data set. Therefore, the information required by the data user is retained as much as possible, and data loss is prevented.

  (13) The present invention is a program for causing a computer to execute a privacy protection method for public information in a public information privacy protection device for processing data and protecting privacy for public information. The first step of setting the priority (weighting) for each attribute of the data in consideration of the requirements of the user using the data, and the evaluation of each data based on the set priority (weighting) A second step of calculating points, a third step of selecting a data processing method that maximizes the increase in the calculated evaluation points, and a first step of processing data by the selected processing method A program for causing a computer to execute the four steps is proposed.

  According to this invention, the setting means sets the priority (weighting) for each attribute of the data in consideration of the requirements of the user who uses the public information. The calculation means calculates an evaluation point for each data based on the set priority (weighting). The processing method selection means selects a data processing method that maximizes the calculated increase in evaluation points. The data processing means processes data using the selected processing method. Therefore, by setting the priority order for each data when processing the data and evaluating the deformed data using a function to which the top-down processing is applied, the information required by the data user is retained as much as possible, Prevent data loss.

  According to the present invention, when data is processed, priority is set for each data, and the data requested by the data user can be held as much as possible by evaluating the transformed data using a function. effective.

It is a block diagram of the privacy protection apparatus of the public information which concerns on this embodiment. It is the figure which illustrated the data before the processing which concerns on this embodiment. It is the image figure which showed the bottom-up process which concerns on this embodiment. It is a processing flow of the privacy protection apparatus of the public information which concerns on this embodiment. It is a processing flow of the bottom-up process which concerns on this embodiment.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<Configuration of privacy protection device for public information>
The configuration of the public information privacy protection apparatus according to the present embodiment will be described with reference to FIG. As shown in FIG. 1, the public information privacy protection apparatus according to this embodiment includes a classification unit 1, a setting unit 2, a calculation unit 3, a processing method selection unit 4, and a processing unit 5. Yes.

  The classification unit 1 classifies the original data into important information (Sensitive Information), a quasi-identifier (Quasi-Identifier), and information to be deleted according to each attribute of the data. In practice, the user performs classification by pointing a graphic display on a computer with a mouse or the like using a GUI (Graphical User Interface) or the like. Note that the attribute specified in the important information (Sensitive Information) is not changed. Information specified as information to be deleted is automatically deleted at the time of processing. Thereby, it is possible to protect the privacy by excluding information that can directly identify the user, and to disclose important information.

  The setting unit 2 sets the priority (weighting) for each attribute of the data in consideration of the requirements of the user who uses the public information. Specifically, each attribute is weighted by a user input. The weighting represents the priority order of attributes, and the attribute most important to the user is the highest. Further, in the processing process, the processing process is performed in order from the attribute with the lowest priority, and the process ends when the k-anonymity is satisfied. Therefore, the higher the attribute, the higher the probability that the original information is retained. In addition, the information requested by the data user can be held as much as possible by directly preventing the user from being identified by combining a plurality of pieces of information that are less relevant to the user. . A user inputs a priority order for each attribute using a GUI (Graphical User Interface) or the like. The user sets weighting points (numerical values) for each priority. This value is used when selecting an attribute for processing.

The calculation unit 3 calculates an evaluation point of each data based on the priority order (weighting) set in the setting unit 2. Specifically, the evaluation points are calculated using the following mathematical formula.
Evaluation point = (number of attribute values) * (weighting point)
Here, (number of attribute values) represents the number of types of attribute values possessed by the attribute. The attribute that minimizes the decrease in the evaluation points by the processing process is selected as the attribute to be processed.

  The processing method selection unit 4 selects a data processing method that minimizes the decrease in evaluation points calculated by the calculation unit 3. The processing method selection unit 4 uses bottom-up processing. Details of the bottom-up process will be described later. However, in the present embodiment, an example using bottom-up processing will be described. However, the present invention is not limited to this, and top-down processing described in prior art documents may be used. The processing unit 5 processes data by the processing method selected by the processing method selection unit 4.

<Data before processing>
The data before processing will be described with reference to FIG.
FIG. 2 illustrates medical information as data before processing, and in this example, the attributes of the data are “name”, “age”, “gender”, “hometown”, “race”, “Disease name” and the like are exemplified.

  In this example, a female 25-year-old A is a Japanese from Tokyo and has a disease called obesity, and a male 37-year-old B is a Japanese from Hokkaido and has a disease called diabetes. A 55-year-old male C is a Japanese from Okinawa and has been shown to have a disease of hypertension.

  Among these, the attribute “name” is classified as “information to be deleted” because it can directly identify an individual. Further, since the attribute “disease name” is privacy information, it is classified into “important information (Sensitive Information)”. Furthermore, since the attributes of “age”, “gender”, “birthplace”, and “race” are not information that can directly identify an individual, they are classified as “quasi-identifiers”. Weighting is performed according to the purpose of use.

<Bottom-up processing>
FIG. 3 is an image diagram showing a bottom-up process. As shown in this figure, the bottom-up process is a process for generating anonymous data by bottom-up from the start point to the end point. This bottom-up process will be described in detail with reference to FIGS.

  First, as shown in FIG. 3, a region satisfying the start point, the end point, and the optimum k-anonymity is set, and the same data is collected for each attribute and the sort process and group process are performed (step S101). Next, the number of attribute values for each attribute is calculated and plotted as shown in FIG. 3 (step S102).

  Next, an evaluation point is calculated (step S103). Then, based on the set priority information (weighting) and k-anonymity determination, an attribute and a group to be processed are selected, bottom-up from the start point, and a plurality of elements branching to the nearest hierarchy A reduction in evaluation points due to the processing is calculated (step S104).

  More specifically, with reference to FIG. 3, there are branches “A” and “B” with respect to the start point, and the decrease of the evaluation point due to the processing is calculated for each. Then, the one that minimizes the decrease in evaluation points due to the processing is selected. In the example of FIG. 3, this is “B”. Similarly, “B” has branches of “C”, “D”, and “E”, and for each, a decrease in the evaluation point due to the processing is calculated. Then, the one that minimizes the decrease in evaluation points due to the processing is selected. In the example of FIG. 3, this is “D”. Similarly, “D” has branches of “F”, “G”, and “H”, and the decrease of the evaluation point due to the processing is calculated for each. Then, the one that minimizes the decrease in evaluation points due to the processing is selected. In the example of FIG. 3, this is “G”. Similarly, “G” has branches of “I”, “J”, and “K”, and the decrease of the evaluation point due to the processing is calculated for each. Then, the one that minimizes the decrease in evaluation points due to the processing is selected. In the example of FIG. 3, this is “J”. Such processing is executed until the optimum k-anonymity is reached.

  That is, as described above, processing is performed on the selected group, and k-anonymity is determined based on the processing result of the entire data set (step S105). In the determination of k-anonymity, it is determined whether the input data set satisfies k-anonymity, and if so, the data is passed to the anonymous data set output. If not satisfied, the group that has not been satisfied is returned to step S101 as feedback information. Therefore, in the bottom-up process, information required by the data user can be retained as much as possible, and data loss can be prevented.

  The top-down process is a process opposite to the bottom-up process described above. In the case shown in FIG. 3, the top-down process is a process of generating anonymous data by bottom-up from the end point to the start point. In other words, in the bottom-up process, since the data belonging to each attribute is defined in advance as a group of several data, the evaluation points shown above are reduced, and the one with the smallest reduction is selected. In the top-down processing, the data belonging to each attribute is first treated as one chunk, and this is sequentially subdivided and processed, so that the evaluation points increase and the one with the largest increase is selected. Although there is such a difference, as a result, even when the top-down process is used, the same effect as that obtained when the bottom-up process is used can be obtained.

<Processing of privacy protection device for public information>
The processing of the public information privacy protection apparatus will be described with reference to FIG.
First, the priority (weighting) is set for each attribute of the data in consideration of the requirements of the user using the public information (step S102). Based on the set priority (weighting), the evaluation point of each data is calculated (step S102).

  Then, a data processing method is selected such that the calculated decrease in the evaluation points is minimized (step S103), and the data is processed using the selected processing method (step S104).

  Therefore, according to the present embodiment, the priority required for each data is set at the time of data processing, and the information requested by the data user is retained as much as possible by evaluating the deformed data using a function. Can do.

  The public information privacy protection device is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into the public information privacy protection device and executed, thereby realizing the authentication system of the present invention. be able to. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 1; Classification part 2; Setting part 3; Calculation part 4; Processing method selection part 5;

Claims (13)

A public information privacy protection device for processing data to protect the privacy of information to be disclosed.
Setting means for setting priority (weighting) for each attribute of the data according to the user's input in consideration of the requirements of the user using the public information;
Calculation means for calculating an evaluation point of each data based on the set priority (weighting);
A processing method selection means for selecting a data processing method that minimizes a decrease in the calculated evaluation point;
Data processing means for processing data by the selected processing method;
An apparatus for protecting privacy of public information, comprising:   The public information privacy protection apparatus according to claim 1, wherein the processing method selection unit selects a data processing method using bottom-up processing.   2. The privacy protection of public information according to claim 1, wherein the data processing unit performs processing from the lowest priority (weighting) set in the setting unit until k-anonymity is satisfied. apparatus.   The public information privacy protection apparatus according to claim 1, further comprising a classifying unit that classifies each attribute of the data into important information (Sensitive Information), a quasi-identifier (Quasi-Identifier), and information to be deleted.   5. The privacy of public information according to claim 4, wherein the important information (Sensitive Information) is not subject to processing, and the information to be deleted is automatically deleted at the time of processing. Protective device.   The public information according to claim 1, wherein the calculation unit calculates the evaluation point by multiplying the number of types of attribute values possessed by each attribute by the priority (weighting) set in the setting unit. Privacy protection device. A public information privacy protection device for processing data to protect the privacy of information to be disclosed.
Setting means for setting priority (weighting) for each attribute of the data according to the user's input in consideration of the requirements of the user using the public information;
Calculation means for calculating an evaluation point of each data based on the set priority (weighting);
A processing method selection means for selecting a data processing method that maximizes the increase in the calculated evaluation points;
Data processing means for processing data by the selected processing method;
An apparatus for protecting privacy of public information, comprising: A method for protecting the privacy of public information in a public information privacy protection device for processing data and protecting the privacy of information to be disclosed.
A first step of setting a priority (weighting) for each attribute of the data according to the input of the user in consideration of the requirements of the user using the public information;
A second step of calculating an evaluation point of each data based on the set priority (weighting);
A third step of selecting a data processing method that minimizes the decrease in the calculated evaluation points;
A fourth step of processing the data with the selected processing method;
A method for protecting the privacy of public information, comprising: A bottom-up processing method for selecting a method for processing data,
A first step of collecting the same data for each attribute and performing a sorting process and a grouping process;
A second step of calculating the number of attribute values for each attribute;
A third step of calculating evaluation points;
A fourth step of selecting an attribute and a group to be processed based on the set priority information (weighting) and k-anonymity determination, and calculating a reduction in evaluation points by the processing;
A fifth step of performing processing in the selected group and determining k-anonymity based on the processing result of the entire data set;
A bottom-up processing method characterized by comprising: A method for protecting the privacy of public information in a public information privacy protection device for processing data and protecting the privacy of information to be disclosed.
A first step of setting a priority (weighting) for each attribute of the data according to the input of the user in consideration of the requirements of the user using the public information;
A second step of calculating an evaluation point of each data based on the set priority (weighting);
A third step of selecting a data processing method that maximizes the calculated increase in evaluation points;
A fourth step of processing the data with the selected processing method;
A method for protecting the privacy of public information, comprising: A program for causing a computer to execute a privacy protection method for public information in a public information privacy protection device for processing data and protecting privacy for information to be disclosed,
A first step of setting a priority (weighting) for each attribute of the data according to the input of the user in consideration of the requirements of the user using the public information;
A second step of calculating an evaluation point of each data based on the set priority (weighting);
A third step of selecting a data processing method that minimizes the decrease in the calculated evaluation points;
A fourth step of processing the data with the selected processing method;
A program that causes a computer to execute. A program for causing a computer to execute a bottom-up processing method for selecting a method for processing data,
A first step of collecting the same data for each attribute and performing a sorting process and a grouping process;
A second step of calculating the number of attribute values for each attribute;
A third step of calculating evaluation points;
A fourth step of selecting an attribute and a group to be processed based on the set priority information (weighting) and k-anonymity determination, and calculating a reduction in evaluation points by the processing;
A fifth step of performing processing in the selected group and determining k-anonymity based on the processing result of the entire data set;
A program that causes a computer to execute. A program for causing a computer to execute a privacy protection method for public information in a public information privacy protection device for processing data and protecting privacy for information to be disclosed,
A first step of setting a priority (weighting) for each attribute of the data according to the input of the user in consideration of the requirements of the user using the public information;
A second step of calculating an evaluation point of each data based on the set priority (weighting);
A third step of selecting a data processing method that maximizes the calculated increase in evaluation points;
A fourth step of processing the data with the selected processing method;
A program that causes a computer to execute.

Images