Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Continual Release of Differentially Private Synthetic Data from Longitudinal Data Collections

Mark Bun, Marco Gaboardi, Marcel Neunhoeffer, Wanrong Zhang

TL;DR

This paper tackles the problem of privately and continually releasing synthetic data from longitudinal studies under user-level differential privacy. It introduces a formal model with time-evolving input and synthetic data, and two query classes: fixed time window and cumulative time queries. The authors develop two two-phase algorithms that first privatize noisy statistics and then enforce temporal consistency, achieving near-tight upper bounds on error under zero-concentrated DP and validating the approach on Census-like data (SIPP). They address practical aspects like negative counts and monotonicity, provide debiasing post-processing, and demonstrate that synthetic data can accurately reflect longitudinal trends while preserving privacy. The work advances practical DP synthetic data for longitudinal releases, enabling exploratory analyses without compromising subject privacy or data integrity across time.

Abstract

Motivated by privacy concerns in long-term longitudinal studies in medical and social science research, we study the problem of continually releasing differentially private synthetic data from longitudinal data collections. We introduce a model where, in every time step, each individual reports a new data element, and the goal of the synthesizer is to incrementally update a synthetic dataset in a consistent way to capture a rich class of statistical properties. We give continual synthetic data generation algorithms that preserve two basic types of queries: fixed time window queries and cumulative time queries. We show nearly tight upper bounds on the error rates of these algorithms and demonstrate their empirical performance on realistically sized datasets from the U.S. Census Bureau's Survey of Income and Program Participation.

Continual Release of Differentially Private Synthetic Data from Longitudinal Data Collections

TL;DR

This paper tackles the problem of privately and continually releasing synthetic data from longitudinal studies under user-level differential privacy. It introduces a formal model with time-evolving input and synthetic data, and two query classes: fixed time window and cumulative time queries. The authors develop two two-phase algorithms that first privatize noisy statistics and then enforce temporal consistency, achieving near-tight upper bounds on error under zero-concentrated DP and validating the approach on Census-like data (SIPP). They address practical aspects like negative counts and monotonicity, provide debiasing post-processing, and demonstrate that synthetic data can accurately reflect longitudinal trends while preserving privacy. The work advances practical DP synthetic data for longitudinal releases, enabling exploratory analyses without compromising subject privacy or data integrity across time.

Abstract

Motivated by privacy concerns in long-term longitudinal studies in medical and social science research, we study the problem of continually releasing differentially private synthetic data from longitudinal data collections. We introduce a model where, in every time step, each individual reports a new data element, and the goal of the synthesizer is to incrementally update a synthetic dataset in a consistent way to capture a rich class of statistical properties. We give continual synthetic data generation algorithms that preserve two basic types of queries: fixed time window queries and cumulative time queries. We show nearly tight upper bounds on the error rates of these algorithms and demonstrate their empirical performance on realistically sized datasets from the U.S. Census Bureau's Survey of Income and Program Participation.
Paper Structure (40 sections, 10 theorems, 26 equations, 8 figures, 3 algorithms)

This paper contains 40 sections, 10 theorems, 26 equations, 8 figures, 3 algorithms.

Table of Contents

  1. Introduction
  2. Our model
  3. Differential privacy.
  4. Accuracy with respect to $\mathcal{Q}$.
  5. Our results.
  6. Fixed time window queries.
  7. Cumulative time queries.
  8. Related work
  9. Preliminaries
  10. Continual synthetic data
  11. Continual release of synthetic data.
  12. Fixed time window queries.
  13. Cumulative time queries.
  14. Reducing cumulative time queries to fixed time window queries.
  15. Differential privacy background
  16. ...and 25 more sections

Key Result

Theorem 2.1

Let $\mathcal{M}_1: \mathcal{X}^T \rightarrow \mathcal{R}$ is $\rho$-zCDP and $\mathcal{M}_2: \mathcal{X}^T \rightarrow \mathcal{R}$ is $\rho'$-zCDP, then the mechanism defined as $(\mathcal{M}_1, \mathcal{M}_2)$ satisfies $(\rho+\rho')$-zCDP.

Figures (8)

  • Figure 1: Proportions of SIPP Households in poverty per quarter in 2021. Calculated on the synthetic data. the density estimates show the empirical privacy noise distribution across $1000$ repetitions of the experiments with privacy parameter $\rho = 0.005$. X's indicate the ground truth calculated from the SIPP data.
  • Figure 2: Proportion of SIPP Households in poverty for at least three months up to any given month in 2021. In both panels, the density estimates show the empirical privacy noise distribution across $1000$ repetitions of the experiments with privacy parameter $\rho = 0.005$. X's indicate the ground truth calculated from the SIPP data.
  • Figure 3: Empirical evaluation of the error of Algorithm \ref{['algo:fixedwindow']} on simulated data. The solid line shows the median error at each timestep across $1000$ repetitions of the algorithm. The proportions are calculated with the debiasing step. The dotted lines show the $2.5$ and $97.5$ percentile. The horizontal dashed line shows the theoretical error bound.
  • Figure 4: Empirical evaluation of the error of Algorithm \ref{['algo:fixedwindow']} on simulated data. The solid line shows the median error at each timestep across $1000$ repetitions of the algorithm. The dotted lines show the $2.5$ and $97.5$ percentile. The horizontal dashed line shows the theoretical error bound for proportions calculated on the synthetic data without the debiasing step.
  • Figure 5: Left Panel: Proportions of SIPP Households in poverty per quarter in 2021. Calculated on the synthetic data, no debiasing step. Right Panel: Proportions of SIPP Households in poverty per quarter in 2021. Calculated on the synthetic data, debiased by subtracting the result of the query run on the padding data.The density estimates show the empirical privacy noise distribution across $1000$ repetitions of the experiments with privacy parameter $\rho = 0.001$. X's indicate values calculated from the SIPP data.
  • ...and 3 more figures

Theorems & Definitions (17)

  • Definition 2.1: Zero-Concentrated Differential Privacy (zCDP) bun2016concentrated
  • Theorem 2.1: zCDP Composition
  • Definition 2.2: Discrete Gaussian canonne2020discrete
  • Theorem 3.1
  • Theorem 3.2
  • proof : Proof of Theorem \ref{['thm.acc2']}
  • Corollary 3.1
  • proof
  • Theorem 4.1
  • Lemma 4.2
  • ...and 7 more