Maintaining Differential Privacy - Clarip Privacy Blog

Maintaining Differential Privacy


Differential privacy is an approach to protecting the privacy of individuals when a large dataset that includes their data is used. For the method to work, the dataset must be sufficiently large: large enough that adding or removing a single individual's record changes the published results very little, and therefore reveals little about the individual who was added or removed.

The use of differential privacy allows government agencies to publish aggregated statistical information, such as demographics, without disclosing private information of individuals.  Companies also use differential privacy to collect user information without revealing information about individual users.

An algorithm is considered differentially private if someone reviewing its output cannot tell, from the output alone, whether a particular individual's information is part of the dataset.

Two methods of maintaining differential privacy are suppression and noise. Suppression is the practice of withholding data to maintain differential privacy. For example, if a movie theater provided information on its annual income, number of daily visitors, and median amount spent per visitor, and it were the only movie theater in town, the local bureau of statistics would likely have to use suppression to report statistics about it. The bureau might have to suppress the median amount spent per visitor (the recognizable $11 movie ticket). It might have to suppress data about the movie theater altogether, since there were no other movie theaters in town and perhaps all of the other entertainment venues were small. There may have been no feasible way for the bureau to report statistics covering the movie theater without effectively disclosing confidential information about the theater's business to everyone.

Noise can be used together with suppression, or as an alternative to it, to maintain differential privacy. Noise is synthetic perturbation added to the published figures so that they depart from the true values, but only slightly. There are formalized methods of introducing noise, but a simplified example of its effect is instructive. To protect the movie theater by adding noise, the bureau of statistics might report the median amount that consumers in the town spent on entertainment as $10.97. That amount would not point to the movie theater, yet because it is close to the actual ticket price, the published statistic remains highly accurate.
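As an added example (not from the original post), the following Python sketch implements both ideas described above: a suppression threshold that drops venues with too few records, and the Laplace mechanism, one of the formalized noise methods, applied to a bounded total rather than a median, because a sum has a simple, provable sensitivity. The records, the threshold of 3 and the $20 spending bound are constructed assumptions, not figures from the post.

```python
import math
import random

# Constructed sample records: (venue, amount one visitor spent). Not real data.
RECORDS = [
    ("cinema", 11.00), ("cinema", 11.00), ("cinema", 11.00),
    ("arcade", 4.50), ("arcade", 6.00),
    ("bowling", 9.00), ("bowling", 12.50), ("bowling", 8.00),
    ("bowling", 10.00), ("bowling", 7.50),
]

def suppress_small_groups(records, k):
    """Suppression: drop every venue with fewer than k records, because a
    per-venue figure for such a venue would effectively identify its business."""
    counts = {}
    for venue, _ in records:
        counts[venue] = counts.get(venue, 0) + 1
    return [(venue, amount) for venue, amount in records if counts[venue] >= k]

def bounded_sum(records, bound):
    """Sum of amounts after clamping each one to [0, bound]. Clamping means
    adding or removing any single record moves the sum by at most `bound`,
    which is the query's sensitivity."""
    return sum(min(max(amount, 0.0), bound) for _, amount in records)

def laplace_noise(scale, rng):
    """Draw from Laplace(0, scale) by inverting its CDF."""
    u = rng.random() - 0.5          # uniform in [-0.5, 0.5)
    u = max(u, -0.5 + 1e-15)        # avoid log(0) at the boundary
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def private_total(records, epsilon, bound, rng=None):
    """Laplace mechanism: true bounded sum plus Laplace(0, sensitivity/epsilon)
    noise. The result is epsilon-differentially private: any output is at most
    exp(epsilon) times more likely with one person's record than without it."""
    rng = rng if rng is not None else random.Random()
    return bounded_sum(records, bound) + laplace_noise(bound / epsilon, rng)

def privacy_ratio(epsilon):
    """Worst-case likelihood ratio between datasets differing in one record."""
    return math.exp(epsilon)

if __name__ == "__main__":
    kept = suppress_small_groups(RECORDS, k=3)   # assumed threshold: 3 records
    print("venues kept:", sorted({v for v, _ in kept}))
    print("true total :", bounded_sum(kept, bound=20.0))
    print("noisy total:", round(private_total(kept, epsilon=0.5, bound=20.0), 2))
    print("max likelihood ratio at eps=0.5:", round(privacy_ratio(0.5), 3))
```

Smaller epsilon means larger noise and a smaller likelihood ratio, so the trade-off between accuracy and privacy is explicit in the one parameter.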

Differential privacy serves to anonymize data. A differentially private release consists of aggregated data that, through noise, suppression, or sheer size, cannot be broken down into its individual records. That means that even if someone's data is part of the dataset, their privacy is not put at risk.

Anonymization is one of the methods used to achieve data minimization, a stated goal of the General Data Protection Regulation (GDPR). Anonymization is great for some purposes. It is perfectly suited to statistical data, but for other purposes it simply does not work. If a business needs to contact a consumer when something goes wrong with their order, the contact information must be linked to that order. To let consumers suspend a transaction and later return to it in a digital shopping cart, the business needs to track their behavior by IP address, device identifiers, or login credentials. The point is that anonymization and data minimization are very valuable for privacy, but not in every situation. Sometimes businesses need to collect personal information linked to specific consumers.

When anonymization isn’t feasible and you need to collect personal information from consumers, but you also care about their privacy, Clarip is the partner you need.  At Clarip, we are committed to providing businesses with privacy compliance solutions.  We help companies stay compliant with the General Data Protection Regulation, California Consumer Privacy Act, Lei Geral de Protecao de Dados Pessoais, and other data privacy laws.  We specialize in automated data mapping, fully-automated end-to-end data subject request fulfillment, data risk intelligence scanning, and vendor and consent management.  Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more today!
