How do we classify the attributes in a dataset, and why does the classification drive the whole anonymization strategy?
Attributes are split into Identifying, Quasi-Identifying, and Sensitive — each demanding a different treatment.
* Attribute classes drive treatment: remove identifiers, generalize quasi-identifiers, keep sensitive values unlinkable. *
| Class | What it is | Example | Treatment |
|---|---|---|---|
| Identifying | Directly identifies a person | Name, SSN, passport no. | Remove or replace |
| Quasi-Identifying (QID) | Identifies in combination with other data | Gender, age, ZIP code, nationality | Generalize or suppress |
| Sensitive | The thing you actually want to protect | Disease, salary, criminal record | Must not be linkable to an individual |
The strategy follows the labels: you don't protect a sensitive value by hiding it — you protect it by making sure no one can pin which person it belongs to. That means taming the quasi-identifiers, not just deleting names.
Tip: The same column can change class with context. A ZIP code is a QID; in a study about neighborhoods it might be the sensitive attribute. Always classify against your specific use case and attacker.
Go deeper:
Data anonymization (Wikipedia) — identifiers vs quasi-identifiers vs sensitive and their treatments.
k-Anonymity (Sweeney, 2002) — origin of the quasi-identifier concept.