Within-Dataset Disclosure Risk for Differential Privacy

TL;DR

This work tackles the difficulty of interpreting and selecting the differential privacy parameter $\epsilon$ by introducing the Relative Disclosure Risk Indicator (RDR), a within-dataset, per-individual measure that complements the global DP bound. It defines output-dependent RDR, derives per-individual risk bounds, and presents two algorithms—Find-$\epsilon$-from-RDR and Find-and-release-$\epsilon$-from-RDR—that let controllers express privacy preferences over RDRs and obtain suitable $\epsilon$ values. To handle multiple queries, the paper introduces a privacy-odometer framework and SVT-based private release of $\epsilon$, enabling end-to-end DP guarantees without requiring a fixed total budget. Empirical evaluation includes an IRB-approved user study showing RDR improves consistency in epsilon selection and microbenchmarks demonstrating scalability to datasets with up to a million records. Overall, the approach makes DP more practical for real-world deployments by translating abstract privacy guarantees into actionable, per-individual risk considerations and providing DP-safe mechanisms to manage multiple queries.

Abstract

Differential privacy (DP) enables private data analysis. In a typical DP deployment, controllers manage individuals' sensitive data and are responsible for answering analysts' queries while protecting individuals' privacy. They do so by choosing the privacy parameter $ε$, which controls the degree of privacy for all individuals in all possible datasets. However, it is challenging for controllers to choose $ε$ because of the difficulty of interpreting the privacy implications of such a choice on the within-dataset individuals. To address this challenge, we first derive a relative disclosure risk indicator (RDR) that indicates the impact of choosing $ε$ on the within-dataset individuals' disclosure risk. We then design an algorithm to find $ε$ based on controllers' privacy preferences expressed as a function of the within-dataset individuals' RDRs, and an alternative algorithm that finds and releases $ε$ while satisfying DP. Lastly, we propose a solution that bounds the total privacy leakage when using the algorithm to answer multiple queries without requiring controllers to set the total privacy budget. We evaluate our contributions through an IRB-approved user study that shows the RDR is useful for helping controllers choose $ε$, and experimental evaluations showing our algorithms are efficient and scalable.

Figures (9)

• Figure 1: Agents in standard DP deployment
• Figure 2: Example of using RDR to find $\epsilon$. The query is to count the number of patients (column P) who have a certain disease (column D) and Laplace Mechanism is used to compute the query. For each $\epsilon$, we show the corresponding RDR of each within-dataset patient.
• Figure 3: Dataflow of Find-$\epsilon$-from-RDR Algorithm
• Figure 4: $\epsilon$ chosen by each participant
• Figure 5: $\epsilon$ chosen by participants who do not know DP (left) and those who know DP (right)

Theorems & Definitions (11)

• Definition 1: Output-dependent Relative Disclosure Risk Indicator
• Definition 2: Ex-post per-instance privacy loss redberg2021privately
• Definition 3: Laplace Mechanism dwork2014algorithmic
• Definition 4: Gaussian Mechanism dwork2014algorithmic
• Definition 5: Relative Disclosure Risk Indicator
• Lemma 3.1
• Lemma 3.2
• Definition 6: SVT query
• Definition 7: Privacy Odometer of Find-$\epsilon$-from-RDR
• Lemma A.1