Differential Privacy and Statistical Disclosure Risk Measures: An Investigation with Binary Synthetic Data

Authors:
David McClure;Jerome P. Reiter
Affiliations:
Department of Statistical Science/ Duke University/ Box 90251/ Durham/ 27708/ USA. e-mail: david.mcclure52@gmail.com;Department of Statistical Science, Duke University, Box 90251, Durham, 27708, USA. e-mail: jerry@stat.duke.edu
Venue:
Transactions on Data Privacy
Year:
2012

Citing 9
Cited 0

Privacy, accuracy, and consistency too: a holistic solution to contingency table release

Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
A learning theory approach to non-interactive database privacy

STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Accounting for Intruder Uncertainty Due to Sampling When Estimating Identification Disclosure Risks in Partially Synthetic Data

PSD '08 Proceedings of the UNESCO Chair in data privacy international conference on Privacy in Statistical Databases
How Protective Are Synthetic Data?

PSD '08 Proceedings of the UNESCO Chair in data privacy international conference on Privacy in Statistical Databases
Privacy: Theory meets Practice on the Map

ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Comparing Fully and Partially Synthetic Datasets for Statistical Disclosure Control in the German IAB Establishment Panel

Transactions on Data Privacy
Random Forests for Generating Partially Synthetic, Categorical Data

Transactions on Data Privacy
Evaluating Laplace Noise Addition to Satisfy Differential Privacy for Numeric Data

Transactions on Data Privacy
Differential privacy

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

We compare the disclosure risk criterion of e-differential privacy with a criterion based on probabilities that intruders uncover actual values given the released data. To do so, we generate fully synthetic data that satisfy e-differential privacy at different levels of e, make assumptions about the information available to intruders, and compute posterior probabilities of uncovering true values. The simulation results suggest that the two paradigms are not easily reconciled, since differential privacy is agnostic to the specific values in the observed data whereas probabilistic disclosure risk measures depend greatly on them. The results also suggest, perhaps surprisingly, that probabilistic disclosure risk measures can be small even when e is large. Motivated by these findings, we present an alternative disclosure risk assessment approach that integrates some of the strong confidentiality protection features in e-differential privacy with the interpretability and data-specific nature of probabilistic disclosure risk measures.