New Relative Disclosure Risk Indicator Helps Choose Differential Privacy Parameters
A team of computer scientists has introduced a metric that quantifies how the privacy parameter ε influences the disclosure risk of individuals whose data appear in a specific dataset. The work, presented in a recent arXiv preprint, aims to give data controllers clearer guidance when configuring differential privacy (DP) protections for analysts’ queries.
Relative Disclosure Risk Indicator
The researchers derived a Relative Disclosure Risk (RDR) indicator that translates a chosen ε value into an explicit risk measure for individuals within the dataset under analysis. By focusing on within‑dataset risk rather than abstract privacy guarantees, the indicator seeks to make the implications of ε more interpretable for practitioners.
Algorithm for Epsilon Selection
Building on the RDR, the authors designed an algorithm that selects ε based on a controller’s expressed privacy preferences, modeled as a function of the RDR values. An alternative version of the algorithm also releases the chosen ε while preserving the formal guarantees of differential privacy.
Bounding Cumulative Privacy Leakage
The paper further proposes a method to bound total privacy leakage when the algorithm is used to answer multiple queries. This approach eliminates the need for controllers to pre‑define a total privacy budget, thereby simplifying long‑term DP deployments.
User Study and Experimental Evaluation
An Institutional Review Board‑approved user study demonstrated that participants found the RDR useful for informing their ε choices. Complementary experiments showed that both algorithms scale efficiently to realistic query loads.
Implications for Differential Privacy Deployments
According to the authors, the introduced tools could reduce uncertainty for data controllers and promote more consistent adoption of differential privacy across industries that handle sensitive information.
This report is based on the abstract of the research paper, from arXiv, licensed under Academic Preprint / Open Access. Full text is available via arXiv.