Abstract

To quantify trade-offs between the increasing demand for open data sharing and concerns about sensitive information disclosure, statistical data privacy (SDP) methodology analyzes data release mechanisms that sanitize outputs based on confidential data. Two dominant frameworks exist: statistical disclosure control (SDC) and the more recent differential privacy (DP). Despite differences in framing, SDC and DP share the same statistical problems at their core. For inference problems, we may either design optimal release mechanisms and associated estimators that satisfy bounds on disclosure risk measures, or adjust existing sanitized output to create new statistically valid and optimal estimators. In either case, when evaluating risk and utility, valid statistical inferences from mechanism outputs require uncertainty quantification that accounts for the bias and/or variance introduced by the sanitization mechanism. In this review, we discuss the statistical foundations common to both SDC and DP, highlight major developments in SDP, and present exciting open research problems in private inference.
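As a concrete illustration of the abstract's central point, the following minimal sketch (our own, not taken from the article) implements the classical Laplace mechanism for a bounded sample mean and widens the usual confidence interval to account for the variance the mechanism adds. The function name `laplace_mean`, the clipping bounds, the privacy budget, and the simulated data are all illustrative assumptions.

```python
import numpy as np

def laplace_mean(x, lower, upper, epsilon, rng):
    """Release a differentially private mean via the Laplace mechanism.

    Records are clipped to [lower, upper], so one record can change the
    sample mean by at most (upper - lower) / n: the global sensitivity.
    """
    n = len(x)
    clipped = np.clip(x, lower, upper)
    sensitivity = (upper - lower) / n
    # Laplace noise with scale sensitivity / epsilon yields epsilon-DP.
    return clipped.mean() + rng.laplace(0.0, sensitivity / epsilon)

rng = np.random.default_rng(0)
x = rng.normal(5.0, 2.0, size=1000)     # simulated confidential data
epsilon, lower, upper = 1.0, 0.0, 10.0  # illustrative settings

release = laplace_mean(x, lower, upper, epsilon, rng)

# Valid inference must include the sanitization term:
#   Var(release) = Var(sample mean) + 2 * (sensitivity / epsilon)^2,
# because Laplace(0, b) noise has variance 2 * b^2.
sampling_var = x.var(ddof=1) / len(x)  # in practice, this estimate would itself be privatized
mech_var = 2 * ((upper - lower) / (len(x) * epsilon)) ** 2
se = np.sqrt(sampling_var + mech_var)
print(f"private mean = {release:.3f}, 95% CI half-width = {1.96 * se:.3f}")
```

The point of the sketch is only that ignoring the mechanism's noise term understates uncertainty; a confidence interval built from the sampling variance alone would undercover.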
