Dynamic data anonymization utilizes the introduction, tracking, and checking of taint information. During taint introduction, taint information relevant to a source of input data is bound with that data, and the taint information stored as metadata. During taint tracking, the taint information is maintained with the original data over its lifespan, and is also propagated with any derivative data generated from the original data. An anonymization procedure considers the taint information as semantic content to covert the data into anonymous form. Taint checking during anonymization determines whether a data object or a variable is tainted, and identifies the relevant taint information to allow the output of data in anonymous form. Introduction, tracking, and checking of semantic taint information permits embodiments to dynamically calculate anonymization metrics (e.g., k-anonymization, l-diversity) on the basis of the semantics of taint metadata that is actually present. This imparts resilience against accidental disclosure of privacy data.