We propose a modeling of the problem of privacy-compliant
data publishing that captures confidentiality constraints on
one side and visibility requirements on the other side. Confidentiality
constraints express the fact that some attributes,
or associations among them, are sensitive and cannot be released.
Visibility requirements express requests for views
over data that should be provided. We propose a solution
based on data fragmentation to split sensitive associations
while ensuring visibility. In addition, we show how sensitive associations broken by fragmentation can be released
in a sanitized form as loose associations formed in a way to guarantee a specified degree of privacy.