732 ITU‐T's Technical Reports and Specifications Table 8 – Anonymized medical record Birth Gender ID Problem 1970 female 121 Cold Alice 1970 female 121 Cold 1970 female 121 Cold 198* human 12* poor circulation 198* human 12* poor circulation 198* human 12* Headache Bob 198* human 12* Headache The demand for the secondary use of the data such as medical records is increasing, because it may enable the estimation of infection routes. However, medical data frequently includes sensitive and private information. The medical data providers should define the anonymization methods and the related privacy protection levels when publishing the data. In addition, when the data provider permits several methods of anonymization, the consumers of the data must select a method that matches their requirements. Moreover, consumers of the anonymized data should avoid obtaining private data that exceeds their requirements, including situations where the data provider permits the lower protection level and thus provides the private data. Therefore, the anonymization data infrastructure should provide a method to define anonymization methods and protection levels that fulfil the requirements for both data providers and data consumers. In order to meet these requirements, data publishing with anonymization is required. However, PPDP utilizing anonymization has numerous problems. One of the problems is that no protocols and formats currently exist to enable secure data publishing, as described in the introduction. The other is loss of anonymity by publishing the same data multiple times. Table 6 is an example of a medical record data table. Table 7 is an anonymized data table with data from Table 6, and Table 8 is another anonymized data table with data from Table 6. In this case, those who can obtain both the anonymized data of and k=3 can obtain the data, including situations where the data provider did not permit the publishing of k=1 data. This results in the leak of privacy information. One cause of this problem is that previously published data is not referenced in the anonymization process; as a result the coherence between the and k=3 data was severed. Table 9 is another example of a k = 3 data table. Utilizing Table 9 instead of Table 8 avoids the problem described above. Table 9 was generated by anonymizing Table 7 instead of anonymizing Table 6, to maintain coherency in masking and generalization. This anonymizing process can prevent further leaks of privacy information. To address these problems, a data‐publishing infrastructure is shown as a solution. It manages the previously published data for the anonymization without the loss of anonymity and provides safe secondary use and anonymization. For encryption technology, it utilizes public key infrastructure (PKI). Certificate authority serves a function as an authorized organization for certifying the public key of servers on the Internet. For this discussion, the anonymization technology and this infrastructure can be associated with the encryption technology and PKI, respectively.