Obtaining $(ε,δ)$-differential privacy guarantees when using a Poisson mechanism to synthesize contingency tables
James Jackson, Robin Mitra, Brian Francis, Iain Dove
TL;DR
This work investigates obtaining formal privacy guarantees when perturbing contingency-table counts with a Poisson synthesis mechanism. It shows that pure $\epsilon$-DP cannot be achieved with Poisson, but the $(\epsilon,\delta)$-probabilistic DP relaxation can be obtained by leveraging the Poisson CDF, with explicit bounds that depend on the tuning parameter $\alpha$ and the original counts. The authors provide analytical expressions for $1-\delta$ (e.g., $1-\delta = F_{1+\alpha}^P\left[\frac{1+\epsilon}{\log\left(\frac{1+\alpha}{\alpha}\right)}\right]$ for $\epsilon>1$) and illustrate the approach on an English School Census–like administrative dataset, highlighting the privacy–utility trade-offs. The work suggests that richer count distributions (e.g., negative binomial) may yield better utility while preserving DP-type guarantees and explains why multinomial–Dirichlet mechanisms can attain $\epsilon$-DP in some settings, in contrast to Poisson-based methods.
Abstract
We show that differential privacy type guarantees can be obtained when using a Poisson synthesis mechanism to protect counts in contingency tables. Specifically, we show how to obtain $(ε, δ)$-probabilistic differential privacy guarantees via the Poisson distribution's cumulative distribution function. We demonstrate this empirically with the synthesis of an administrative-type confidential database.