About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

63 Jurimetrics 263 (2022-2023)
Epsilon-Differential Privacy, and a Two-Step Test for Quantifying Reidentification Risk

handle is hein.journals/juraba63 and id is 299 raw text is: EPSILON-DIFFERENTIAL PRIVACY, AND A TWO-STEP TEST FOR QUANTIFYING REIDENTIFICATION RISK Nathan Reitinger* and Amol Deshpande** ABSTRACT: Sharing data in the twenty-first century is fraught with error. Most com- monly, data is freely accessible, surreptitiously stolen, and easily capitalized in the pur- suit of monetary maximization. But when data does find itself shrouded behind the veil of personally identifiable information (PII), it becomes nearly sacrosanct, impenetrable without consideration of ambiguous (yet penalty-rich) statutory law-inhibiting utility. Either choice, unnecessarily stifling innovation or indiscriminately pilfering privacy, leaves much to be desired. This Article proposes a novel, two-step test for creating futureproof, bright-line rules around the sharing of legally protected data. The cmx of the test centers on identi- fying a legal comparator between a particular data sanitization standard-differential pri- vacy: a means of analyzing mechanisms that manipulate, and therefore sanitize, data- and statutory law. Step one identifies a proxy value for reidentification risk which may be easy calculated from an 8-differentially private mechanism: the guess difference. Step two finds a corollary in statutory law: the maximum reidentification risk a statute toler- ates when permitting confidential data sharing. If step one is lower than or equal to step two, any output derived using the mechanism may be considered legally shareable; the mechanism itself may be deemed (statute, 8)-differentially private. The two-step test provides clarity to data stewards hosting legally or possibly legally protected data, greasing the wheels in advancements in science and technology by providing an avenue for protected, compliant, and useful data sharing. CITATION: Nathan Reitinger & Amol Deshpande, Epsilon-Differential Privacy, and a Two-Step Test for Quantifying Reidentification Risk, 63 JURIMETRICS J. 263-317 (2023). *Ph.D. Candidate, University of Maryland, Department of Computer Science; M.S., Columbia University; J.D., magna cum laude, Michigan State University. This Article benefitted from the Privacy Law Scholars Workshop, 2022. For detailed comments on prior drafts, the authors thank Michael Hawes, Steven Bellovin, Ido Sivan-Sevilla, and Rachel Cummings. The editors of Jurimet- rics also provided invaluable assistance in the preparation of this Article. ..Professor of Computer Science at the University of Maryland at College Park, with a joint appointment in the University of Maryland Institute for Advanced Computer Studies (UMIACS). SPRING 2023 263

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most