Differential privacy is a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset, while withholding information about individuals in the dataset. On this page we explore the technology in depth.
The increasing adoption of machine learning and artificial intelligence, which are fueled by data, has driven a massive need for access to more and better data, including anything from consumer data to medical test results. While improving data collection and usage can be incredibly important — consider how using healthcare data can drive lifesaving innovations — privacy concerns must be proactively addressed, to avoid potential risks and liabilities.
The leaking of private data like medical outcomes and Social Security numbers can be devastating both for individuals and the companies charged with keeping this data safe.
A simple approach for protecting private data is known as anonymization. This approach involves the removal of fields containing identifying information from personal records, such as the removal of a name from a medical record. Unfortunately, this simple approach is rarely sufficient to ensure the privacy of individuals, as the remaining unique information may be used to identify an individual. For instance, a supposedly anonymous patient can often be identified from a nameless medical record that lists their very unique medical diagnosis and generalized location.
Differential Privacy
The term “differential privacy” describes a mathematically rigorous approach to maintaining individual privacy. It has been designed to ensure that individuals who allow their information to be included in a larger dataset will experience a negligible impact on their lives.
So, what determines if a system provides differential privacy — a technique derived from the work of various researchers applying algorithmic methods to the study of digital privacy, culminating around 2006? Consider this scenario. We have two datasets with thousands of personal records that must be analyzed, but one of those data sets is missing the record of one John Doe. Differential privacy means an analysis on each data set will produce insights independent of the inclusion of the specific John Doe record. Thus, it cannot be reasonably determined if John Doe’s record exists in either data set, which aids in maintaining his personal privacy.
In practice, differential privacy techniques reduce the risk of privacy violations occurring, allowing organizations to leverage large sets of sensitive data for commercial or research purposes by adding randomized “noise” to protect individual data. For example, differential privacy is used to power Apple keyboard suggestions: Instead of focusing on what any individual is typing, Apply is focused on collecting what its users are typing collectively, in order to provide better suggestions.
Differential privacy also allows for the automation of cloud-based, private data processing, enabling differentially private data sharing among organizations located around the world.
How It Works
Differential privacy techniques aim to ensure the privacy of individual contributors by strategically adding noise into the data set or the output of an analysis. The statistical noise helps to ensure privacy but does not prevent data consumers from conducting useful analyses on private data.
In one approach of differential privacy, stochastically-generated data points — in other words, random variables — are injected throughout a data set to serve as the “noise.” The amount of noise introduced into the data set has a direct relationship to the level of privacy, with the privacy parameter “ε,” called privacy loss or privacy budget, referring to the level of noise. The inclusion of noise also reduces the accuracy of an analysis.
Thus, the smaller the value of ε, the more noise and less accurate the results. However, the results of an analysis are less likely to be distinguishable based on any single record. Conversely, larger values of ϵ correspond to less noise and more accurate results. However, the results of analyses are more likely to be distinguished based on individual records.
Given the privacy-accuracy tradeoff, determining the value of ε for a particular application can be challenging. Setting the appropriate level of privacy loss should depend on the nature of the analysis and the sensitivity of the data.
This tradeoff is a significant point of consideration for those looking to implement differential privacy techniques into their data workflows and makes it difficult to form standards over appropriate values of ε, where more privacy leads to less utility.
Benefits of Differential Privacy
Differential privacy offers a number of valuable benefits, making it a useful method for analyzing sensitive data while maintaining some level of privacy. Some benefits include:
Drawbacks of Differential Privacy
As noted above, differential privacy involves a tradeoff between accuracy and ensuring privacy. This tradeoff is often unacceptable, especially when working in highly regulated spaces like healthcare. The more privacy added, the less usable the data becomes, which can hinder physicians’ and researchers’ abilities to diagnose patients or discover new insights. The approach leaves too much to the judgment of the human using the technology and does not eliminate the heavy reliance on trust.
Furthermore, differential privacy cannot be applied to all types of data. Real-world data can come in complex and unstructured forms. Differential privacy data sharing is useless when it comes to genomic, video, audio and other data types.
While differential privacy can be effective for very large datasets, it becomes less and less effective as datasets become smaller.
Differential privacy can be computationally demanding. The amount of computational resources needed in some cases can make it an impractical approach.
A Better Approach
TripleBlind’s encrypted-in-use approach avoids the issues associated with differential privacy.
The TripleBlind Solution does not involve removing or replacing data. This solution maintains data fidelity for precise computational outcomes. Its key features include:
TripleBlind’s software-only API addresses a wide range of use cases, allowing organizations to unlock more value from sensitive data while ensuring privacy and maintaining compliance. If you want to learn more about how TripleBlind’s solution offers a number of advantages over differential privacy, contact us today to schedule a demo.
TripleBlind is built on novel, patented breakthroughs in mathematics and cryptography, unlike other approaches built on top of open source technology. The technology keeps both data and algorithms in use private and fully computable.
We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
You can read about our cookies and privacy settings in detail on our Privacy Policy Page.
Privacy Policy