Search Results

In 2017, the United States Census Bureau announced that because of high disclosure risk in the methodology (data swapping) used to produce tabular data for the 2010 census, a different protection mechanism based on differential privacy would be ...

The threat of reconstruction attacks has led the U.S. Census Bureau (USCB) to replace in the Decennial Census 2020 the traditional statistical disclosure limitation based on rank swapping with one based on differential privacy (DP), leading to ...

Providing access to synthetic micro-data in place of confidential data to protect the privacy of participants is common practice. For the synthetic data to be useful for analysis, it is necessary that the density function of the synthetic data ...

We review the use of differential privacy (DP) for privacy protection in machine learning (ML). We show that, driven by the aim of preserving the accuracy of the learned models, DP-based ML implementations are so loose that they do not offer the ex ante ...

Recent analysis by researchers at the U.S. Census Bureau claims that by reconstructing the tabular data released from the 2010 Census, it is possible to reconstruct the original data and, using an accurate external data file with identity, ...

Anonymization for privacy-preserving data publishing, also known as statistical disclosure control (SDC), can be viewed under the lens of the permutation model. According to this model, any SDC method for individual data records is functionally equivalent ...

Differential privacy (DP) is a privacy model that was designed for interactive queries to databases. Its use has then been extended to other data release formats, including microdata. In this paper we show that setting a certain $ϵ$ in DP does not ...$$$$

Generating synthetic data for the dissemination of individual information in a privacy-preserving way is an approach that is often presented as superior to other statistical disclosure control techniques. The reason for such claim is ...

There are currently two approaches to anonymization: "utility first" (use an anonymization method with suitable utility features, then empirically evaluate the disclosure risk and, if necessary, reduce the risk by possibly sacrificing some utility) or "...

Two organizations that have records on the same collection of individuals can benefit from sharing attributes on these individuals. The combined data, with records linked on certain common identifying information, is termed linked microdata. Linked ...

Commercial organizations and government agencies that gather, store, share and disseminate data are facing increasing concerns over individual privacy and confidentiality. Confidential data is often masked in the database or prior to release to a third ...

Often microdata sets contain attributes which are neither numerical nor ordinal, but take nominal values from a taxonomy, ontology or classification (e.g. diagnosis in a medical data set about patients, economic activity in an economic data set, etc.). ...

Traditionally, magnitude tabular data and microdata masking have been treated as two independent problems. An increasing number of government agencies are exploring establishing remote data access centers where both types of data release may occur. We ...

Laplace noise addition is often advanced as an approach for satisfying differential privacy. There have been several illustrations of the application of Laplace noise addition for count data, but no evaluation of its performance for numeric data. In ...

Recently Sarathy and Muralidhar (2009) provided the first attempt at illustrating the implementation of differential privacy for numerical data. In this paper, we attempt to provide further insights on the results that are observed when Laplace based ...

The concept of differential privacy was motivated through the example of Terry Gross' height in Dwork (2006). In this paper, we show that when a procedure based on differential privacy is implemented, it neither protects Terry Gross' privacy nor does it ...

In this paper, we provide a preliminary investigation of t-copulas for perturbing numerical confidential variables. A perturbation approach using Gaussian copulas has been proposed earlier. However, one of the problems with the Gaussian copulas is that ...

The mean vector and covariance matrix are sufficient statistics when the underlying distribution is multivariate normal. Many type of statistical analyses used in practice rely on the assumption of multivariate normality (Gaussian model). For these ...

The confidentiality-via-camouflage (CVC) procedure was recently proposed as an alternative to existing procedures such as data perturbation for protecting the confidentiality of numerical data. In this paper, we show that CVC, implemented with certain ...