Differential privacy
What is Differential Privacy?
Definition, Framework
Privacy Threats
Membership Disclosure
Being able to tell that a person is in (or not in) a dataset. It impact confidentiality.
Identity Disclosure
Being able to tell the identity of the person to whom the record corresponds (anonymity)
Attribute Disclosure
Being able to tell that a person has a specific (sensitive) attribute
Attribute Disclosure
Being able to tell that a person has a specific (sensitive) attribute
Inference Threat
Being able to tell something new (undisclosed) about a person
Privacy by design
Privacy principles need to be built into everyday operations. These should shift the burden of protecting private information from individual users and consumers to business entities. Privacy. by design has been accepted internationally e.g. GDPR and USA has special regulations related to it.
Privacy Principles
Privacy should be embedded into design
Privacy protection should be Proactive not reactive
Provide default setting for privacy
Provide visibility and Transparency
End to end security should be enabled
Use Positive-sum Philosophy
Other things to consider
Privacy is not a one time problem, it is ongoing endeavor.
Application and product design should think about privacy requirement from beginning. It should not be after thought. Privacy should be embedded into design and should not be add on.
Do not wait till end and take action after the breach. Be proactive and design privacy from beginning. Take corrective measure if breach occur.
A product out of box should be privacy aware and should protect individual. There need to be opt out mechanism if product is collecting data.
Pay even more attention to government data.
Privacy Paradox
What information people consider private?
How much value people give to Privacy?
How do people manage privacy uncertainty?
what is ideal privacy vs practical?
What survey method and information collection method are appropriate?
Information asymmetry
Privacy Summary
Personal right to be left alone
Person right to control their information
Personal right to be let alone
Person right to have secrecy
Right for autonomous decision making
Privacy Design
Privacy design should consider following
Privacy laws
Boundary regulations
Anonymity need
Confidentiality need
controls need
Differential Privacy
Privacy Tools
Analytical
Contextual Integrity
Taxonomy of harms
Privacy protect from internal employees
Make information available to employee on need basis
Have audit procedure and review
Segregate data so that employee can only access small slice on need basis
Fix issue - if employees have access to too much information
Workshop Agenda
Sure, here is an agenda for a 2-week class on differential privacy for business and technical users:
Week 1
Day 1: Introduction to differential privacy
What is differential privacy?
Why is differential privacy important?
How does differential privacy work?
Overview of Algorithms
Day 2: Differential privacy in practice
How to use differential privacy to protect privacy in machine learning
Case studies of differential privacy in practice
Day 3: Challenges of differential privacy
Limitations of differential privacy
How to overcome the limitations of differential privacy
Week 2
Day 4: Advanced topics in differential privacy
Differential privacy for high-dimensional data
Differential privacy for streaming data
Differential privacy for federated learning
Day 5: Ethical considerations of differential privacy
How to use differential privacy in a responsible way
The trade-off between privacy and utility
Day 6: Final project
Students will develop a differential privacy algorithm to solve a real-world problem