Privacy requirements have an increasing impact on the realization
of modern applications. Technical considerations and many significant
commercial and legal regulations demand today that privacy guarantees
be provided whenever sensitive information is stored, processed,
or communicated to external parties. It is therefore crucial to design solutions
able to respond to this demand with a clear integration strategy
for existing applications and a consideration of the performance impact
of the protection measures.
In this paper we address this problem and propose a solution to enforce
privacy over data collections by combining data fragmentation with
encryption. The idea behind our approach is to use encryption as an underlying
(conveniently available) measure for making data unintelligible,
while exploiting fragmentation as a way to break sensitive associations
between information.