Gradual Release of Sensitive Data under Differential Privacy
Abstract
We introduce the problem of releasing private data under differential privacy when the privacy level is subject to change over time. Existing work assumes that the privacy level is determined by the system designer as a fixed value before the private data is released. For certain applications, however, users may wish to relax the privacy level for subsequent releases of the same data, either after a re-evaluation of the privacy concerns or because better accuracy is needed. Specifically, given a database containing private data, we assume that a response \( y_1\) that preserves \( \epsilon _1\)-differential privacy has already been published. Then, the privacy level is relaxed to \( \epsilon _2\), with \( \epsilon _2 > \epsilon _1\), and we wish to publish a more accurate response \( y_2\) while the joint response \( (y_1, y_2)\) preserves \( \epsilon _2\)-differential privacy. How much accuracy is lost in the scenario of gradually releasing two responses \( y_1\) and \( y_2\), compared to the scenario of releasing a single response that is \( \epsilon _2\)-differentially private? Our results consider the more general case with multiple privacy level relaxations and show that there exists a composite mechanism that achieves no loss in accuracy.
We consider the case in which the private data lies within \( \mathbb {R}^n\) with an adjacency relation induced by the \( \ell _1\)-norm, and we initially focus on mechanisms that approximate identity queries. We show that the same accuracy can be achieved in the case of gradual release through a mechanism whose outputs can be described by a lazy Markov stochastic process. This stochastic process has a closed-form expression and can be efficiently sampled. Moreover, our results extend beyond identity queries to a more general family of privacy-preserving mechanisms. To this end, we demonstrate the applicability of our tool to multiple scenarios, including Google’s project RAPPOR, trading of private data, and controlled transmission of private data in a social network. Finally, we derive similar results for approximate differential privacy.
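As an added example (not code from the paper), a scalar instance of the gradual-release problem above: a Laplace mechanism publishes \( y_1\) at \( \epsilon _1\), then a refined \( y_2\) at \( \epsilon _2 > \epsilon _1\) whose accuracy matches a fresh \( \epsilon _2\) release, with \( (y_1, y_2)\) a post-processing of a single \( \epsilon _2\)-private value. The lazy step and its off-atom transition density are derived here from the decomposition of Lap(1/\( \epsilon _1\)) into Lap(1/\( \epsilon _2\)) plus an independent noise that is zero with probability \( (\epsilon _1/\epsilon _2)^2\); that derivation, and the assumption of \( \ell _1\)-sensitivity 1, belong to this example, since the page does not print the paper's closed form.

```python
import math
import random

def laplace(rng, scale):
    """Sample Lap(0, scale) as the difference of two iid exponentials (scale = 1/epsilon)."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def release_first(rng, x, eps1):
    """Standard Laplace mechanism: y1 = x + Lap(1/eps1), eps1-DP for L1 sensitivity 1."""
    return x + laplace(rng, 1 / eps1)

def stay_probability(x, y1, eps1, eps2):
    """Probability that the refined response is identical to the published y1."""
    return (eps1 / eps2) * math.exp(-(eps2 - eps1) * abs(y1 - x))

def release_refined(rng, x, y1, eps1, eps2):
    """Given published y1, sample y2 so that y2 ~ x + Lap(1/eps2) and (y1, y2) is eps2-DP.

    Assumed derivation (not from the page): Lap(1/eps1) has the law of Lap(1/eps2) + W,
    with W = 0 w.p. (eps1/eps2)^2 and W ~ Lap(1/eps1) otherwise. Conditioning on
    y1 = x + Lap(1/eps2) + W yields the lazy step below; off the atom, u = y2 - x has
    density proportional to exp(-eps2|u|) * exp(-eps1|d - u|), where d = y1 - x.
    """
    assert 0 < eps1 < eps2
    if rng.random() < stay_probability(x, y1, eps1, eps2):
        return y1                                  # lazy step: republish y1 unchanged
    d = abs(y1 - x)
    sgn = 1.0 if y1 >= x else -1.0                 # reflect so that d >= 0
    lam, s = eps2 - eps1, eps1 + eps2
    # unnormalised masses of the three pieces u < 0, 0 <= u <= d, u > d
    m = [1 / s, (1 - math.exp(-lam * d)) / lam, math.exp(-lam * d) / s]
    r = rng.random() * sum(m)
    if r < m[0]:
        u = -rng.expovariate(s)                    # density ~ exp(s*u) on u < 0
    elif r < m[0] + m[1]:                          # truncated exponential on [0, d]
        u = -math.log(1 - rng.random() * (1 - math.exp(-lam * d))) / lam
    else:
        u = d + rng.expovariate(s)                 # density ~ exp(-s*u) on u > d
    return x + sgn * u

def simulate(x, eps1, eps2, n=20000, seed=1):
    """Monte Carlo check: returns (mean |y2 - x|, fraction of runs where y2 == y1).

    No accuracy loss means the first value is about 1/eps2, the error of a fresh
    eps2 Laplace release; the lazy fraction averages out to (eps1/eps2)^2.
    """
    rng = random.Random(seed)
    err = stays = 0.0
    for _ in range(n):
        y1 = release_first(rng, x, eps1)
        y2 = release_refined(rng, x, y1, eps1, eps2)
        err += abs(y2 - x)
        stays += y2 == y1
    return err / n, stays / n
```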
Article Details
How to Cite
Koufogiannis, Fragkiskos, Shuo Han, and George J. Pappas. 2017. “Gradual Release of Sensitive Data under Differential Privacy”. Journal of Privacy and Confidentiality 7 (2). https://doi.org/10.29012/jpc.v7i2.649.
Copyright is retained by the authors. By submitting to this journal, the author(s) license the article under the Creative Commons License – Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), unless choosing a more lenient license (for instance, public domain). For situations not allowed under CC BY-NC-ND, short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source.
Authors of articles published by the journal grant the journal the right to store the articles in its databases for an unlimited period of time and to distribute and reproduce the articles electronically.