Abstract: In this paper, we propose a upper-bound privacy leakage constraint based approach to identify which intermediate datasets need to be encrypted and which do not, so that privacy preserving cost can be saved while the privacy requirements of data holders can still be satisfied. To identify and encrypt all functionally encrypt able data, sensitive data that can be encrypted without limiting the functionality of the application on the cloud. However, Preserving the privacy of intermediate datasets becomes a challenging problem because adversaries may recover privacy-sensitive information by analyzing multiple intermediate datasets. Encrypting all datasets in cloud is widely adopted in existing approaches to address this challenge. But we argue that encrypting all intermediate datasets are neither efficient nor cost-effective because it is very time consuming and costly for data-intensive applications to encrypt/decrypt datasets frequently while performing any operation on them. In order to preserve privacy, the clients will encrypt their data when they out- source it to the cloud. However, the encrypted form of data greatly impedes the utilization due to its randomness. Such data would be stored on the cloud only in an encrypted form, accessible only to users with the correct keys, thus protecting its confidentiality against unintentional errors and attacks.