Databases often comprise sensitive data. For example, databases containing records of clients at a hospital may include references to the names of clients, their particular medical histories, and other details such as the age, height, weight, etc. Another example of a database containing sensitive data would be a database at a bank including customers' names, account numbers, and transaction histories.
In order to perform market research, for example for determining improvements that can be made to services, or to monitor trends, it is generally necessary to use genuine data. However, when the genuine data is sensitive data, for example including client records, confidentiality of the client must be maintained, and therefore the database is preferably anonymized prior to providing this data to third parties.
Techniques are known for anonymizing data, however a difficulty in prior art systems is that there is currently no effective method of knowing when data has been sufficiently anonymized so that it can be provided to third parties without the risk of jeopardizing confidentiality. There is thus a technical problem in providing a system that is able to determine when data may be transmitted to third parties, in other words when the data has been sufficiently anonymized.