Conciliating Privacy and Utility in Data Releases via Individual Differential Privacy and Microaggregation

Identifier:  imarina:9411537

Handle: https://hdl.handle.net/20.500.11797/imarina9411537

Authors:  Soria-Comas, Jordi; Sanchez, David; Domingo-Ferrer, Josep; Martinez, Sergio; Del Vasto-Terrientes, Luis

Abstract:
is an element of-Differential privacy (DP) is a well-known privacy model that offers strong privacy guarantees. However, when applied to data releases, DP significantly deteriorates the analytical utility of the protected outcomes. To keep data utility at reasonable levels, practical applications of DP to data releases have used weak privacy parameters (large is an element of), which dilute the privacy guarantees of DP. In this work, we tackle this issue by using an alternative formulation of the DP privacy guarantees, named e-individual differential privacy (iDP), which causes less data distortion while providing the same protection as DP to subjects. We enforce iDP in data releases by relying on attribute masking plus a pre-processing step based on data microaggregation. The goal of this step is to reduce the sensitivity to record changes, which determines the amount of noise required to enforce iDP (and DP). Specifically, we propose data microaggregation strategies designed for iDP whose sensitivities are significantly lower than those used in DP. As a result, we obtain iDP-protected data with significantly better utility than with DP. We report on experiments that show how our approach can provide strong privacy (small is an element of) while yielding protected data that do not significantly degrade the accuracy of secondary data analysis.