Defining and Enforcing Privacy in Data Sharing

Recent advances in processing and storing information has led to an explosion of data collec-tion. Many organizations like the Census, hospitals and even search engine companies collect, analyze anddistribute personal information in return for useful services. However, the collected data track entire pub-lic and private lives of individuals, thus resulting in an immense privacy risk of unauthorized disclosure.This dissertation presents novel conceptual and practical tools to ensure privacy of individuals while en-abling the dissemination of valuable data about humans to improve their lives. Our contributions includenovel formal definitions of privacy risk arising from unauthorized disclosure, and practical algorithms forenforcing these definitions of privacy.We consider two distinct settings of data dissemination that require different notions of privacy. In thefirst part of this dissertation, we consider a setting where no sensitive information should be disclosed. Weconsider the problem of deciding whether answering a query on a relational database leads to any disclo-sure of sensitive information. This problem was shown to be intractable; we propose practical algorithmsfor a reasonably large set of query classes.In the second part of the dissertation, we consider the problem of publishing “anonymous” aggregateinformation about populations of individuals while preserving the privacy of individual-specific informa-tion. We present a novel framework for reasoning about the privacy risk in this setting and present thefirst formal privacy definition and practical algorithms for publishing “anonymous” data that provablyguarantees privacy of the individuals contributing to the data while releasing useful aggregate informa-tion. We also present a case study of applying formal privacy definitions to a real Census data publishingapplication.