This paper derives fundamental bounds on privacy achievable in future human-centric cyber-physical systems, where time-series sensor data are shared among individuals to compute aggregate information of mutual interest. For example, individual GPS-trajectories may be shared to compute average traffic speed at different locations. An optimal trade-off is explored between individual user privacy, achieved by perturbing data prior to sharing, and the corresponding accuracy of computed aggregate information. The work is motivated by an emergent category of cyber-physical applications that involves large-scale interaction between humans, networked engineered artifacts, and the physical world. These applications are brought about by the proliferation of personal sensing devices of everyday use, leading to unprecedented opportunities for sensory data collection and sharing. The collection of sensory data from large numbers of participants offers privacy as a major new cyber-physical system challenge. In this paper, we propose a novel privacy measure, based on mutual information, and derive a perturbation algorithm, to apply prior to data sharing, that guarantees a least upper bound on the privacy measure. The new algorithm effectively hides individual user data by optimally perturbing the time-series using knowledge of only the mean and the covariance of the original data. We evaluate it using both synthetic data and collected real application data. The results show that the method significantly improves the trade-off between privacy and the accuracy of reconstruction of aggregate information from shared perturbed data.