A method of decreasing connectability of derived data, using local differential privacy

摘要

A lot of personal data in the company are processed into various formats for each purpose of use, such as aggregate tables, and are generally stored as derived data. After the enforcement of the GDPR, when the user exercises “right to the erasure of personal data”, the companies are obliged to delete any link, or copy of the data taking all reasonable measures. On the other hand, since the data necessary for companies to comply with legal obligations should be retained, risk assessment of data to be deleted and data to be left is necessary. However, many derived data can be combined and the original data may be restored, and it is difficult to determine whether the data should be deleted. In this paper, we propose a method to measure the connectability of each attribute between derived data and manage the relationship by a graph structure. Then, by searching as a route the connectivity between the derived data, we measure the risk of connecting and restoring personal data. Using this structure, we propose a method to reduce connectability by using local differential privacy to disturb only the attribute with the highest connectability among the searched routes. And we also propose a measurement method of privacy protection index necessary to process to the level that cannot distinguish the users when two people were extracted from a database and applied differential privacy, and the effect was verified by experiments.