Overview
Differential privacy is a technique that adds "noise" to data to protect the privacy of individual records. It makes it challenging to extract information about specific individuals while still providing useful statistical insights. Using the FCP, you can set the level of noise added by your chosen privacy settings, depending on the sensitivity of the data.
Differential Privacy Enforcement Levels
The Rhino Health Platform offers four privacy enforcement levels:
- None: No noise will be added. Suitable for projects where no privacy constraints are required.
- Low: Single-element metrics (e.g., percentiles) will always have noise added, but aggregate statistics (e.g., mean, standard deviation) will not. Suitable for projects with a moderate privacy requirement while allowing accurate aggregate statistics.
- Medium: Single-element metrics (e.g., percentiles) will always have noise added, and aggregate statistics (e.g., mean, standard deviation) will have noise added if the unique values they are based on aren't diverse (num_unique_values < k). Suitable for most common projects.
- High: All values will have some noise added, even if they are sufficiently aggregated. Suitable for projects with a strong privacy requirement, sacrificing some data accuracy for increased privacy.
Metric | None | Low | Medium | High |
Percentile | No noise added | Noise added | Noise added | Noise added |
Mean, Standard Deviation, Sum, Count | No noise added | No noise added | Noise is added if num_unique_values is smaller than the project's k anonymity factor | Noise added |
Kaplan Meier | No noise added | Noise is added to the time values, solely to aggregated times which are created by combining time intervals when the number of events falls below the k anonymity factor. For more details, see the Kaplan Meier documentation. | Noise is added to the time vector, solely to aggregated times which are created by combining time intervals when the number of events falls below the k anonymity factor. For more details, see the Kaplan Meier documentation. | Noise is added to all of the time values. |
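The percentile and aggregate rows of the table above, written out as a decision function and applied to a mean. This is an added example, not Rhino Health Platform code. The page does not say which noise mechanism the platform uses, so the clipped Laplace mechanism, the `epsilon`, `lo` and `hi` parameters, and all function names are assumptions; the Kaplan Meier row is not modelled.

```python
import random
import statistics

LEVELS = ("none", "low", "medium", "high")
AGGREGATES = {"mean", "standard_deviation", "sum", "count"}

def noise_required(level, metric, num_unique_values, k):
    """True when the enforcement table says noise is added to this metric."""
    level = level.lower()
    if level not in LEVELS:
        raise ValueError(f"unknown enforcement level: {level}")
    if metric != "percentile" and metric not in AGGREGATES:
        raise ValueError(f"metric not covered here: {metric}")
    if level == "none":
        return False
    if metric == "percentile":      # single-element metric: Low, Medium, High
        return True
    if level == "low":              # aggregates are released exactly
        return False
    if level == "medium":           # aggregates noised only below k
        return num_unique_values < k
    return True                     # high: everything is noised

def laplace(scale, rng):
    # The difference of two unit exponentials is Laplace(0, 1).
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def released_mean(values, level, k, lo, hi, epsilon, rng):
    """Mean as it would be released under the given level (assumed mechanism)."""
    if not noise_required(level, "mean", len(set(values)), k):
        return statistics.fmean(values)
    # Assumption: clip to [lo, hi] so one record moves the mean by at most
    # (hi - lo) / n, then add Laplace noise with scale sensitivity / epsilon.
    clipped = [min(max(v, lo), hi) for v in values]
    sensitivity = (hi - lo) / len(clipped)
    return statistics.fmean(clipped) + laplace(sensitivity / epsilon, rng)

# Constructed sample data (patient ages), not taken from any real project.
FEW_UNIQUE = [70, 70, 71, 70, 71, 70]          # 2 unique values
DIVERSE = [34, 41, 47, 52, 58, 63, 69, 75]     # 8 unique values

if __name__ == "__main__":
    rng = random.Random(0)
    for name, data in (("few unique", FEW_UNIQUE), ("diverse", DIVERSE)):
        for level in ("None", "Low", "Medium", "High"):
            out = released_mean(data, level, k=5, lo=0, hi=120, epsilon=1.0, rng=rng)
            print(f"{name:10s} {level:6s} {out:.3f}")
```

With k = 5, the low-diversity sample is released exactly at None and Low but noised at Medium and High, while the diverse sample is only noised at High.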
Configuring Differential Privacy
To configure the differential privacy enforcement level for a project:
1. Create a New Project: When creating a new project, select the desired "Differential Privacy Enforcement" setting (None, Low, Medium, High).
2. Existing Projects: Existing projects have a DP enforcement level of "Medium" unless configured otherwise.