Privacy, Data and the Individual. Diferentially Data sets : methods and mitigations series

Abstract

Data set releases are the most convenient way to make data available for secondary use: in principle, they allow analysts to carry out any data analysis task (e.g., exploratory data analysis). However, data set releases are a great threat to privacy. This is the issue that privacy preserving data publishing (PPDP) aims to address. Among the available sanitization methods, differential privacy (DP) stands out for the strong privacy guarantees it offers. The fact that DP offers protection regardless of the side information available to intruders is very convenient in the current landscape (pervasive data collection and many untrusted data controllers). However, such strong guarantees have a downside: the information loss we incur when using DP is likely to be large. As a result, there is no standard methodology to generate DP data sets and the use of DP for PPDP is rather limited. In this work, we review the main approaches used in the generation of DP data sets (i.e., histograms, and record aggregation and masking), and describe the advantages and the limitations of each of these approaches in terms of computational cost and information loss. Next, we describe some of the strategies that have been proposed to mitigate the previously described limitations. Among these, we highlight two common strategies: to increase the privacy budget, and to use a relaxed version of DP. Using large privacy budgets is common; however, it has an important downside: DP itself becomes meaningless. Using relaxed versions of DP allows us reduce the information loss while keeping reduced but meaningful privacy guarantees.