Journal of Privacy and Confidentiality

Maximizing Utility for Vector-weighted Pseudo Posterior Mechanisms under Differential Privacy

Jingchen Hu, Terrance Savitsky, Matthew Williams — Thu, 30 Apr 2026 00:00:00 +0000

The risk-weighted pseudo posterior mechanism provides a practical framework for privacy protection that takes advantage of the availability of posterior sampling approaches, creating a synthesizer for microdata dissemination. The flexibility of the approach lies in the user-specification of the individualized risks and the mapping of risks to weights. However, this raises the question of which weighting approach is optimal. In this work, we develop a recursive approach to algorithmically induce an optimal weighting strategy given an initial suboptimal strategy. This ` re-weighting' strategy applies to any vector-weighted pseudo posterior mechanism under which a vector of observation-indexed weights are used to downweight likelihood contributions for high disclosure risk records. We demonstrate our method on two different vector-weighted schemes that target high-risk records (one close to optimal and one not). Our new method for constructing record-indexed downweighting maximizes the data utility under any privacy budget for the vector-weighted synthesizers by adjusting the by-record weights, such that their individual risk contributions (e.g. Lipschitz bounds) approach the risk bound for the entire database. Our method achieves an epsilon-asymptotic differential privacy (aDP) guarantee, globally, over the space of databases. We illustrate our methods using simulated highly skewed count data and compare the results to a scalar-weighted synthesizer under the popular Exponential Mechanism (EM). We also apply our methods to a sample of the Survey of Doctorate Recipients and demonstrate the practicality of our methods.

Slowly Scaling Per-Record Differential Privacy

Thu, 30 Apr 2026 00:00:00 +0000

We develop formal privacy mechanisms for releasing statistics from data with many outlying values, such as income data. These mechanisms ensure that a per-record differential privacy guarantee degrades slowly in the protected records’ influence on the statistics being released.

Records with greater influence -- those whose addition or deletion would change the released statistics more -- typically suffer greater privacy loss. The per-record differential privacy framework quantifies these record-specific privacy guarantees, but existing mechanisms let these guarantees degrade rapidly (linearly or quadratically) with influence. While this may be acceptable in cases with some moderately influential records, it results in unacceptably high privacy losses when records’ influence varies widely, as is common in economic data.

We develop mechanisms with privacy guarantees that instead degrade as slowly as logarithmically with influence. These mechanisms allow for the accurate, unbiased release of statistics, while providing meaningful protection for highly influential records. As an example, we consider the private release of sums of unbounded establishment data such as payroll, where our mechanisms extend meaningful privacy protection even to very large establishments. We evaluate these mechanisms empirically and demonstrate their utility on simulated employment data and the U.S. Department of Agriculture's Cattle Inventory Survey.

Corrigendum to "Differentially Private Set Union"

Thu, 30 Apr 2026 00:00:00 +0000

In the published version of "Differentially Private Set Union" by Gopi et. al, the authors identified an error in Proposition 5.1. This error affects Proposition 5.1 and Algorithm 8 of the published version.