An improved security requirement for data perturbation with implications for e-commerce

With the rapid increase in the ability to store and analyze large amounts of data, organizations are gathering extensive data regarding their customers, vendors, and other entities. There has been a concurrent increase in the demand for preserving the privacy of confidential data that may be collected. The rapid growth of e-commerce has also increased calls for maintaining privacy and confidentiality of data. For numerical data, data perturbation methods offer an easy yet effective solution to the dilemma of providing access to legitimate users while protecting the data from snoopers (legitimate users who perform illegitimate analysis). In this study, we define a new security requirement that achieves the objective of providing access to legitimate users without an increase in the ability of a snooper to predict confidential information. We also derive the specifications under which perturbation methods can achieve this objective. Numerical examples are provided to show that the use of the new specification achieves the objective of no additional information to the snooper. Implications of the new specification for e-commerce are discussed.