Framework for Differentially Private Data Analysis with Multiple Accuracy Requirements

Abstract

Organizations who collect sensitive data, such as hospitals or governments, may want to share the data with others. There could be multiple applications or analysts that want to use this data. Directly releasing the data could violate the privacy of individual data contributors. To address this privacy concern, differential privacy [1,2] has arisen as a popular technique for allow for sensitive data analysis. It frequently works through the addition of randomized noise to the output of the analysis, which is controlled through the privacy parameter or budget ε. This noise affects the utility of the analyses, where a smaller budget allocation results in larger noise values, and some applications may set accuracy requirements on the output to restrict the amount of noise added [3,9,10]. The total privacy loss of a sequence of differentially private mechanisms can be composed by summing up the privacy budgets they use, under the property of sequential composition [2]. Hence, if we intend to run multiple applications or analyses on the same dataset, given a total privacy budget, we can support each application by splitting the privacy budget evenly among them. However, if there are many applications, the privacy budget received per application could be very small, resulting in poor overall utility.