Prior-itizing Privacy: A Bayesian Approach to Setting the Privacy Budget in Differential Privacy

Published: 25 Sept 2024, Last Modified: 06 Nov 2024, Venue: NeurIPS 2024 poster, License: CC BY 4.0
Keywords: confidentiality, disclosure, risk, semantics, utility
TL;DR: We propose a framework for setting epsilon for data releases satisfying differential privacy.
Abstract: When releasing outputs from confidential data, agencies need to balance the analytical usefulness of the released data with the obligation to protect data subjects' confidentiality. For releases satisfying differential privacy, this balance is reflected by the privacy budget, $\varepsilon$. We provide a framework for setting $\varepsilon$ based on its relationship with Bayesian posterior probabilities of disclosure. The agency responsible for the data release decides how much posterior risk it is willing to accept at various levels of prior risk, which implies a unique $\varepsilon$. Agencies can evaluate different risk profiles to determine one that leads to an acceptable trade-off in risk and utility.
Supplementary Material: zip
Primary Area: Privacy
Submission Number: 4161