Differential privacy and statistical disclosure risk measures: An investigation with binary synthetic data
We compare the disclosure risk criterion of ε-differential privacy with a criterion based on probabilities that intruders uncover actual values given the released data. To do so, we generate fully synthetic data that satisfy ε-differential privacy at different levels of ε, make assumptions about the information available to intruders, and compute posterior probabilities of uncovering true values. The simulation results suggest that the two paradigms are not easily reconciled, since differential privacy is agnostic to the specific values in the observed data whereas probabilistic disclosure risk measures depend greatly on them. The results also suggest, perhaps surprisingly, that probabilistic disclosure risk measures can be small even when ε is large. Motivated by these findings, we present an alternative disclosure risk assessment approach that integrates some of the strong confidentiality protection features in ε-differential privacy with the interpretability and data-specific nature of probabilistic disclosure risk measures.