BU Cyber Alliance to host 3/12 Seminar, Featuring Alexandra Wood (Harvard)
12:30 PM – 2:00 PM on Monday, March 12, 2018
BUild Lab, 730 Commonwealth Avenue
Bridging Privacy Definitions: Differential Privacy and Privacy Concepts from Law and Policy
Alexandra Wood, Research Fellow, Berkman Klein Center for Internet & Society
Abstract: Interest in differential privacy is growing among policymakers and privacy practitioners as an approach to satisfying legal and policy requirements for privacy protection when using and sharing personal information. However, demonstrating that formal privacy models such as differential privacy satisfy legal requirements for privacy protection is a significant challenge due to conceptual gaps between the legal and technical definitions.
This presentation discusses how the use of differential privacy can be understood to be sufficient to satisfy a wide range of legal and policy requirements, despite these definitional gaps. It draws from specific examples of privacy requirements from a selection of laws such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, Title 13 of the U.S. Code (governing the US Census Bureau), and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA). Key concepts from these legal requirements that are found to be relevant to privacy in computation include personally identifiable information, de-identification, linkage, inference, identification risk, expert determination, consent and opting out, and purpose and access limitations.
While none of these legal and policy concepts refer directly to differential privacy, the differential privacy guarantee can be interpreted to address these concepts while accommodating differences in how they are defined and interpreted. A series of examples is provided to show how policymakers and privacy practitioners can interpret the differential privacy guarantee as sufficient to satisfy legal and policy requirements that rely on these concepts. This approach can, in turn, guide practitioners in the future as they make decisions when analyzing and sharing statistical data about individuals, informing individuals about the privacy protection they will be afforded, and designing policies and regulations for robust privacy protection.
Bio: Alexandra Wood is a fellow at the Berkman Klein Center for Internet & Society at Harvard University. She contributes legal and policy expertise to the Harvard Privacy Tools project, which aims to advance a multidisciplinary understanding of data privacy and to embed this understanding in new technical and legal tools for responsible data sharing. Her research involves exploring legal and regulatory frameworks for privacy and data protection in light of recent advances in privacy from fields such as computer science, social science, and law. She also contributes to the development of legal instruments to facilitate the sharing and use of research data while preserving privacy, transparency, and accountability.