Slowly Scaling Per-Record Differential Privacy

TL;DR

This paper introduces new differential privacy mechanisms that ensure privacy guarantees degrade logarithmically with record influence, enabling accurate data release even with highly influential outliers.

Contribution

The authors develop novel privacy mechanisms that slow the degradation of privacy guarantees from linear or quadratic to logarithmic with respect to record influence.

Findings

Mechanisms provide unbiased, accurate statistics with strong privacy for influential records.

Empirical evaluation demonstrates practical utility of the mechanisms.

Applicable to economic data with large outliers, like payroll sums.

Abstract

We develop formal privacy mechanisms for releasing statistics from data with many outlying values, such as income data. These mechanisms ensure that a per-record differential privacy guarantee degrades slowly in the protected records' influence on the statistics being released. Formal privacy mechanisms generally add randomness, or "noise," to published statistics. If a noisy statistic's distribution changes little with the addition or deletion of a single record in the underlying dataset, an attacker looking at this statistic will find it plausible that any particular record was present or absent, preserving the records' privacy. More influential records -- those whose addition or deletion would change the statistics' distribution more -- typically suffer greater privacy loss. The per-record differential privacy framework quantifies these record-specific privacy guarantees, but existing mechanisms let these guarantees degrade rapidly (linearly or quadratically) with influence. While this may be acceptable in cases with some moderately influential records, it results in unacceptably high privacy losses when records' influence varies widely, as is common in economic data. We develop mechanisms with privacy guarantees that instead degrade as slowly as logarithmically with influence. These mechanisms allow for the accurate, unbiased release of statistics, while providing meaningful protection for highly influential records. As an example, we consider the private release of sums of unbounded establishment data such as payroll, where our mechanisms extend meaningful privacy protection even to very large establishments. We evaluate these mechanisms empirically and demonstrate their utility.