The methodology of differential privacy has provided a strong definition of privacy which in some settings, using a mechanism of doubly-exponential noise addition, also allows for extraction of informative statistics from databases. In a recent paper, Barak et al. extend this approach to the release of a specified set of margins from a multi-way contingency table. Privacy protection in such settings implicitly focuses on small cell counts that might allow for the identification of units that are unique in the database. We explore how well the mechanism works in the context of a series of examples, and the extent to which the proposed differential-privacy mechanism allows for sensible inferences from the released data. We conclude that the methodology, as it is currently formulated, is problematic in the context of the types of large sparse contingency tables encountered in statistical practice.
Yang, Xiaolin; Fienberg, Stephen E.; and Rinaldo, Alessandro
"Differential Privacy for Protecting Multi-dimensional Contingency Table Data: Extensions and Applications,"
Journal of Privacy and Confidentiality:
1, Article 5.
Available at: http://repository.cmu.edu/jpc/vol4/iss1/5