SI-19(6)—Differential Privacy
>Control Description
>Cross-Framework Mappings
>Supplemental Guidance
The mathematical definition for differential privacy holds that the result of a dataset analysis should be approximately the same before and after the addition or removal of a single data record (which is assumed to be the data from a single individual). In its most basic form, differential privacy applies only to online query systems. However, it can also be used to produce machine-learning statistical classifiers and synthetic data.
Differential privacy comes at the cost of decreased accuracy of results, forcing organizations to quantify the trade-off between privacy protection and the overall accuracy, usefulness, and utility of the de-identified dataset. Non-deterministic noise can include adding small, random values to the results of mathematical operations in dataset analysis.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern differential privacy?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to differential privacy issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-19(6) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
Ask AI
Configure your API key to use AI features.