book

Practical Data Privacy

Name: Practical Data Privacy
Author: Katharine Jarmul
ISBN: 9781098129460

by Katharine Jarmul

May 2023

Intermediate to advanced

346 pages

11h

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
What Is Data Privacy?Who Should Read This BookPrivacy EngineeringWhy I Wrote This BookNavigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningAcknowledgments
1. Data Governance and Simple Privacy Approaches
Data Governance: What Is It?Identifying Sensitive DataIdentifying PIIDocumenting Data for UseBasic Data DocumentationFinding and Documenting Unknown DataTracking Data LineageData Version ControlBasic Privacy: Pseudonymization for Privacy by DesignSummary
2. Anonymization
What Is Anonymization?Defining Differential PrivacyUnderstanding Epsilon: What Is Privacy Loss?What Differential Privacy Guarantees, and What It Doesn’tUnderstanding Differential PrivacyDifferential Privacy in Practice: Anonymizing the US CensusDifferential Privacy with the Laplace MechanismDifferential Privacy with Laplace: A Naive AttemptSensitivity and ErrorPrivacy Budgets and CompositionExploring Other Mechanisms: Gaussian Noise for Differential PrivacyComparing Laplace and Gaussian NoiseReal-World Differential Privacy: Debiasing Noisy ResultsSensitivity and Privacy UnitsWhat About k-Anonymity?Summary
3. Building Privacy into Data Pipelines
How to Build Privacy into Data PipelinesDesign Appropriate Privacy MeasuresMeet Users Where They AreEngineer Privacy InTest and VerifyEngineering Privacy and Data Governance into PipelinesAn Example Data Sharing WorkflowAdding Provenance and Consent Information to CollectionUsing Differential Privacy Libraries in PipelinesCollecting Data AnonymouslyApple’s Differentially Private Data CollectionWhy Chrome’s Original Differential Privacy Collection DiedWorking with Data Engineering Team and LeadershipShare ResponsibilityCreate Workflows with Documentation and PrivacyPrivacy as a Core Value PropositionSummary
4. Privacy Attacks
Privacy Attacks: Analyzing Common Attack VectorsNetflix Prize AttackLinkage AttacksSingling Out AttacksStrava Heat Map AttackMembership Inference AttackInferring Sensitive AttributesOther Model Leakage Attacks: MemorizationModel-Stealing AttacksAttacks Against Privacy ProtocolsData SecurityAccess ControlData Loss PreventionExtra Security ControlsThreat Modeling and Incident ResponseProbabilistic Reasoning About AttacksAn Average AttackerMeasuring Risk, Assessing ThreatsData Security MitigationsApplying Web Security BasicsProtecting Training Data and ModelsStaying Informed: Learning About New AttacksSummary
5. Privacy-Aware Machine Learning and Data Science
Using Privacy-Preserving Techniques in Machine LearningPrivacy-Preserving Techniques in a Typical Data Science or ML WorkflowPrivacy-Preserving Machine Learning in the WildDifferentially Private Stochastic Gradient DescentOpen Source Libraries for PPMLEngineering Differentially Private FeaturesApplying Simpler MethodsDocumenting Your Machine LearningOther Ways of Protecting Privacy in Machine LearningArchitecting Privacy in Data and Machine Learning ProjectsUnderstanding Your Data Privacy NeedsMonitoring PrivacySummary
6. Federated Learning and Data Science
Distributed DataWhy Use Distributed Data?How Does Distributed Data Analysis Work?Privacy-Charging Distributed Data with Differential PrivacyFederated LearningFederated Learning: A Brief HistoryWhy, When, and How to Use Federated LearningArchitecting Federated SystemsExample DeploymentSecurity ThreatsUse CasesDeploying Federated Libraries and ToolsOpen Source Federated LibrariesFlower: Unified OSS for Federated Learning LibrariesA Federated Data Science Future OutlookSummary
7. Encrypted Computation
What Is Encrypted Computation?When to Use Encrypted ComputationPrivacy Versus SecrecyThreat ModelingTypes of Encrypted ComputationSecure Multiparty ComputationHomomorphic EncryptionReal-World Encrypted ComputationPrivate Set IntersectionPrivate Join and ComputeSecure AggregationEncrypted Machine LearningGetting Started with PSI and MooseImagining a World with Secure Data SharingSummary
8. Navigating the Legal Side of Privacy
GDPR: An OverviewFundamental Data Rights Under GDPRData Controller Versus Data ProcessorApplying Privacy-Enhancing Technologies for GDPRGDPR’s Data Protection Impact Assessment: Agile and Iterative Risk AssessmentsRight to an Explanation: Interpretability and PrivacyCalifornia Consumer Privacy Act (CCPA)Applying PETs for CCPAOther Regulations: HIPAA, LGPD, PIPL, and More!Internal Policies and ContractsReading Privacy Policies and Terms of ServiceReading Data Processing AgreementsReading Policies, Guidelines, and ContractsWorking with Legal ProfessionalsAdhering to Contractual Agreements and Contract LawInterpreting Data Protection RegulationsAsking for Help and AdviceWorking Together on Shared Definitions and IdeasProviding Technical GuidanceData Governance 2.0What Is Federated Governance?Supporting a Culture of ExperimentationDocumentation That Works, Platforms with PETsSummary

9. Privacy and Practicality Considerations
Getting Practical: Managing Privacy and Security RiskEvaluating and Managing Privacy RiskEmbracing Uncertainty While Planning for the FuturePractical Privacy Technology: Use-Case AnalysisFederated Marketing: Guiding Marketing Campaigns with Privacy Built InPublic-Private Partnerships: Sharing Data for Public HealthAnonymized Machine Learning: Looking for GDPR Compliance in Iterative Training SettingsBusiness-to-Business Application: Hands-Off DataStep-by-Step: How to Integrate and Automate Privacy in MLIterative DiscoveryDocumenting Privacy RequirementsEvaluating and Combining ApproachesShifting to AutomationMaking Privacy NormalEmbracing the Future: Working with Research Libraries and TeamsWorking with External ResearchersInvesting in Internal ResearchSummary
10. Frequently Asked Questions (and Their Answers!)
Encrypted Computation and Confidential ComputingIs Secure Computation Quantum-Safe?Can I Use Enclaves to Solve Data Privacy or Data Secrecy Problems?What If I Need to Protect the Privacy of the Client or User Who Sends the Database Query or Request?Do Clean Rooms or Remote Data Analysis/Access Solve My Privacy Problem?I Want to Provide Perfect Privacy or Perfect Secrecy. Is That Possible?How Do I Determine That an Encrypted Computation Is Secure Enough?If I Want to Use Encrypted Computation, How Do I Manage Key Rotation?What Is Google’s Privacy Sandbox? Does It Use Encrypted Computation?Data Governance and Protection MechanismsWhy Isn’t k-Anonymity Enough?I Don’t Think Differential Privacy Works for My Use Case. What Do I Do?Can I Use Synthetic Data to Solve Privacy Problems?How Should Data Be Shared Ethically or What Are Alternatives to Selling Data?How Can I Find All the Private Information That I Need to Protect?I Dropped the Personal Identifiers, so the Data Is Safe Now, Right?How Do I Reason About Data I Released in the Past?I’m Working on a BI Dashboard or Visualization. How Do I Make It Privacy-Friendly?Who Makes Privacy Engineering Decisions? How Do I Fit Privacy Engineering into My Organization?What Skills or Background Do I Need to Become a Privacy Engineer?Why Didn’t You Mention (Insert Technology or Company Here)? How Do I Learn More? Help!GDPR and Data Protection RegulationsDo I Really Need to Use Differential Privacy to Remove Data from GDPR/CPRA/LGPD/etc. Requirements?I Heard That I Can Use Personal Data Under GDPR for Legitimate Interest. Is That Correct?I Want to Comply with Schrems II and Transatlantic Data Flows. What Are Possible Solutions?Personal Choices and Social PrivacyWhat Email Provider, Browser, and Application Should I Use if I Care About My Privacy?My Friend Has an Automated Home or Phone Assistant. I Don’t Want It Listening to Me. What Should I Do?I Gave Up on Privacy a Long Time Ago. I Have Nothing to Hide. Why Should I Change?Can I Just Sell My Own Data to Companies?I Like Personalized Ads. Why Don’t You?Is (Fill in the Blank) Listening to Me? What Should I Do About It?Summary
11. Go Forth and Engineer Privacy!
Surveillance Capitalism and Data ScienceGig Workers and Surveillance at WorkSurveillance for “Security”Luxury SurveillanceVast Data Collection and SocietyMachine Learning as Data LaunderingDisinformation and MisinformationFighting BackResearching, Documenting, Hacking, LearningCollectivizing DataRegulation Fining BackSupporting Community WorkPrivacy ChampionsYour Privacy-Aware MultitoolBuilding Trustworthy Machine Learning SystemsPrivacy by DesignPrivacy and PowerTschüss
Index
About the Author

Overview

Between major privacy regulations like the GDPR and CCPA and expensive and notorious data breaches, there has never been so much pressure to ensure data privacy. Unfortunately, integrating privacy into data systems is still complicated. This essential guide will give you a fundamental understanding of modern privacy building blocks, like differential privacy, federated learning, and encrypted computation. Based on hard-won lessons, this book provides solid advice and best practices for integrating breakthrough privacy-enhancing technologies into production systems.

Practical Data Privacy answers important questions such as:

What do privacy regulations like GDPR and CCPA mean for my data workflows and data science use cases?
What does "anonymized data" really mean? How do I actually anonymize data?
How does federated learning and analysis work?
Homomorphic encryption sounds great, but is it ready for use?
How do I compare and choose the best privacy-preserving technologies and methods? Are there open-source libraries that can help?
How do I ensure that my data science projects are secure by default and private by design?
How do I work with governance and infosec teams to implement internal policies appropriately?

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098129453Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills