TL;DR
This paper introduces Private Memorization Editing (PME), a novel method that leverages the memorization ability of large language models to prevent leakage of personally identifiable information, thereby enhancing data privacy.
Contribution
The paper proposes PME, a new technique that detects and edits memorized private data in LLMs without affecting their overall performance, strengthening privacy defenses.
Findings
PME effectively reduces PII leakage in various configurations.
In some cases, PME completely prevents privacy attacks.
PME maintains the underlying language model's performance.
Abstract
Large Language Models (LLMs) memorize, and thus, among huge amounts of uncontrolled data, may memorize Personally Identifiable Information (PII), which should not be stored and, consequently, not leaked. In this paper, we introduce Private Memorization Editing (PME), an approach for preventing private data leakage that turns an apparent limitation, that is, the LLMs' memorization ability, into a powerful privacy defense strategy. While attacks against LLMs have been performed exploiting previous knowledge regarding their training data, our approach aims to exploit the same kind of knowledge in order to make a model more robust. We detect a memorized PII and then mitigate the memorization of PII by editing a model's knowledge of its training data. We verify that our procedure does not affect the underlying language model while making it more robust against privacy Training Data Extraction…
