NIST Releases AI-focused Privacy Draft Guidance

The U.S. National Institute of Standards and Technology (NIST) released guidance designed to help organizations better protect consumer privacy as the use of artificial intelligence (AI) expands. The guidance is part of NIST’s work to fulfill an AI privacy guidance mandate in President Biden’s executive order on AI. The EO called for an evaluation of “the efficacy of differential-privacy-guarantee protections, including for AI.”

Draft NIST Special Publication (SP) 800-226, Guidelines for Evaluating Differential Privacy Guarantees, is designed primarily for other federal agencies, but it can be used by anyone. It will help data-centric organizations strike a balance between privacy and accurately using data to accomplish their research and business goals using differential privacy. Differential privacy involves adding a mathematical algorithm to a dataset that allows the data to be publicly released without revealing the individuals within the dataset.

The guidance and information in the draft are broken down into these three parts:

Part I: The Differential Privacy Guarantee

Differential privacy promises that the outcome of a data analysis or published dataset will be about the same whether or not the business contributed its data. In other words, any privacy harms that result from a differentially private analysis could have happened even if the business had not contributed its data. The guidance introduces differential privacy, describes its properties, explains how to reason about, and compare differential privacy guarantees, describes how the differential privacy guarantee can impact real-world outcomes, and highlights potential hazards in defining and evaluating these guarantees.

Part II: Differentially Private Algorithms

In general, differential privacy is achieved by adding random noise to analysis results. More noise yields better privacy but also degrades the utility of the result. This dynamic is often called the privacy-utility trade-off, and it can be difficult to achieve high utility and strong privacy protection in some cases. In addition, some differentially private techniques can create or magnify systemic, human, or statistical bias in results, so care must be taken to understand and mitigate these impacts. Differentially private algorithms exist for analytics queries (e.g., counting, histograms, summation, and averages), regression tasks, machine learning tasks, synthetic data generation, and the analysis of unstructured data. Implementing differentially private algorithms requires significant expertise. It can be difficult to get right and easy to get wrong, like implementing cryptography, so it is best to use existing libraries when possible.

Part III: Deploying Differential Privacy

Differential privacy provides privacy protection for data subjects in the context of intentional, differentially private data releases. However, differential privacy alone does not protect data as it is collected, stored, and analyzed. For example, sensitive data must be stored using best practices in secure data storage and access control policies or not stored at all. A data breach that leaks sensitive raw data will completely nullify any differential privacy guarantee established for that dataset.

“You can use differential privacy to publish analyses of data and trends without being able to identify any individuals within the dataset,” said Naomi Lefkovitz, manager of NIST’s Privacy Engineering Program and one of the publication’s editors. “But differential privacy technology is still maturing, and there are risks you should be aware of. We want this publication to help organizations evaluate differential privacy products and get a better sense of whether their creators’ claims are accurate.”

This new publication is an initial draft, and NIST is requesting public comments on it until Jan. 25, 2024. The comments will inform a final version to be published later in 2024.

Understanding Differential Privacy

Differential privacy is one of the more mature privacy-enhancing technologies used in data analytics, but it can be challenging for organizations to employ due to a lack of standards. Better comprehension of differential privacy is pressing, in part because of the rapid growth of artificial intelligence, which relies on large datasets to train its machine-learning models. Over the past decade, researchers have demonstrated that it is possible to attack these models and reconstruct the data they were trained on. 

NIST has created content to help organizations understand and implement differential privacy strategies, including the video below and this in-depth blog series.

At CompliancePoint, we have a team of privacy experts who can help your organization design and implement a privacy program that meets the requirements of all applicable regulations, including GDPR and the CCPA. Contact us at connect@compliancepoint.com to learn more about our suite of services.