Differential Privacy for the Vast Majority.

Differential privacy has become one of the widely used mechanisms for protecting sensitive information in databases and information systems. Although differential privacy provides a clear measure of privacy guarantee, it implicitly assumes that each individual corresponds to a single record in the result of a database query. This assumption may not hold in many database query applications. When an individual has multiple records, strict implementation of differential privacy may cause significant information loss. In this study, we extend the differential privacy principle to situations where multiple records in a database are associated with the same individual. We propose a new privacy principle that integrates differential privacy with the Pareto principle in analyzing privacy risk and data utility. When applied to the situations with multiple records per person, the proposed approach can significantly reduce the information loss in the released query results with a relatively small relaxation in the differential privacy guarantee. The effectiveness of the proposed approach is evaluated using three real-world databases.