Prior-itizing Privacy: A Bayesian Approach to Setting the Privacy Budget in Differential Privacy
When releasing outputs from confidential data, agencies need to balance the analytical usefulness of the released data with the obligation to protect data subjects' confidentiality. For releases satisfying differential privacy, this balance is reflected by the parameter epsilon, known as the privacy budget. In practice, it can be difficult for agencies to select and interpret epsilon. We use Bayesian posterior probabilities of disclosure to provide a framework for setting epsilon. The agency decides how much posterior risk it is willing to accept in a data release at various levels of prior risk. Using a mathematical relationship among these probabilities and epsilon, the agency selects the maximum epsilon that ensures the posterior-to-prior ratios are acceptable for all values of prior disclosure risk. The framework applies to any differentially private mechanism.
READ FULL TEXT