Synthetic Data Outliers: Navigating Identity Disclosure
Carolina Trindade, Luís Antunes, Tânia Carvalho, Nuno Moniz
TL;DR
The paper investigates re-identification risks for synthetic data with a focus on outliers, showing that linkage attacks can re-identify extreme records even when data are synthetic. By generating numerous variants with deep-learning (SDV) and differential-privacy-based (DPART) methods and evaluating data utility and re-identification risk via a linkage attack, it demonstrates a model-dependent privacy-utility tradeoff: DP methods reduce linkage risk but degrade utility, while DL-based methods preserve utility at privacy risk for outliers. The study uses the Credit Risk dataset and evaluates 102 synthetic variants across multiple models, providing actionable insights into hyperparameter tuning, model choice, and the balance between data usefulness and privacy protection. It highlights practical implications for deploying synthetic data in privacy-sensitive domains and underscores the need for attack-aware synthesis strategies to prevent outlier leakage.
Abstract
Multiple synthetic data generation models have emerged, among which deep learning models have become the vanguard due to their ability to capture the underlying characteristics of the original data. However, the resemblance of the synthetic to the original data raises important questions on the protection of individuals' privacy. As synthetic data is perceived as a means to fully protect personal information, most current related work disregards the impact of re-identification risk. In particular, limited attention has been given to exploring outliers, despite their privacy relevance. In this work, we analyze the privacy of synthetic data w.r.t the outliers. Our main findings suggest that outliers re-identification via linkage attack is feasible and easily achieved. Furthermore, additional safeguards such as differential privacy can prevent re-identification, albeit at the expense of the data utility.