Privacy Protection from Sampling and Perturbation in Survey Microdata
Shlomo, Natalie and Skinner, Chris (2010) Privacy Protection from Sampling and Perturbation in Survey Microdata (S3RI Methodology Working Papers, M10/14). Southampton, GB. Southampton Statistical Sciences Research Institute, University of Southampton, 15pp.
Record type: Monograph (Working Paper)
Abstract
We consider the assessment of disclosure risk in the release of microdata from social surveys as public-use files. We consider both identification risk and the notion of differential privacy introduced in the computer science literature. We show that sampling, as a disclosure limitation technique, does not guarantee differential privacy. However, threats to differential privacy, i.e. 'leakage', may have small probability and sampling can provide protection under a broader definition of privacy. Moreover, the occurrence of conditions when such a threat can occur may be unknown to the adversary and require statistical inference. Disclosure limitation techniques that perturb variables in the microdata according to misclassification probabilities guarantee differential privacy provided that there are no zero elements in the misclassification mechanism. Combining sampling and perturbation, especially for rare combinations of identifying variables, will reduce the 'leakage'.
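The abstract's central claim about perturbation — that misclassifying values according to a matrix with no zero entries guarantees differential privacy — can be illustrated with a small sketch. This is our own illustration, not code from the paper: the randomized-response parameterisation and function names are assumptions, and the privacy bound shown is the standard worst-case log-ratio over the columns of the misclassification matrix.

```python
import math
import random

def randomized_response_matrix(k, p_keep):
    """Misclassification matrix for randomized response over k categories:
    keep the true category with probability p_keep, otherwise report a
    category drawn uniformly at random (possibly the true one again)."""
    off = (1 - p_keep) / k
    return [[p_keep + off if i == j else off for j in range(k)]
            for i in range(k)]

def dp_epsilon(P):
    """Differential-privacy parameter of a misclassification matrix with
    strictly positive entries: for each output category, the log-ratio of
    the largest to smallest probability of producing it, maximised over
    outputs. A zero entry would make this ratio infinite, i.e. no
    differential-privacy guarantee."""
    eps = 0.0
    for j in range(len(P[0])):
        col = [P[i][j] for i in range(len(P))]
        eps = max(eps, math.log(max(col) / min(col)))
    return eps

def perturb(value, P, rng=random):
    """Apply the misclassification mechanism to one categorical value."""
    return rng.choices(range(len(P)), weights=P[value])[0]

# Example: 4 categories, true value kept with probability 0.7.
P = randomized_response_matrix(k=4, p_keep=0.7)
print(round(dp_epsilon(P), 3))  # log(0.775 / 0.075) ≈ 2.335
```

Lowering `p_keep` (more perturbation) shrinks the column ratios and hence epsilon, at the cost of data utility — the trade-off the paper examines in combination with sampling.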
Text: s3ri-workingpaper-M10-14.pdf (Other)
More information
Published date: 18 October 2010
Keywords: identification disclosure, attribute disclosure, differential privacy, misclassification
Identifiers
Local EPrints ID: 165757
URI: http://eprints.soton.ac.uk/id/eprint/165757
PURE UUID: 62f571c7-8c09-4bc8-80aa-c844fc755d73
Catalogue record
Date deposited: 19 Oct 2010 09:08
Last modified: 14 Mar 2024 02:11
Contributors
Author: Natalie Shlomo
Author: Chris Skinner