Standard

IEEE WHITE PAPER

Publisert

Merknad: Denne standarden har en ny utgave: IEEE WHITE PAPER

For bestilling og priser av dette produktet ta kontakt med salg@standard.no

Omfang

INTRODUCTION MOTIVATION In the rapidly evolving landscape of data-driven innovation, the need to balance the benefits of data utilization with the imperative of privacy protection has never been more pressing. As organizations across all sectors in modern information economies increasingly rely on data to drive decision-making and innovation, the risks associated with handling sensitive personal information have become a significant concern. Synthetic data has emerged as a promising solution to this challenge. By generating artificial datasets that replicate the statistical properties of real data without containing actual personal information, synthetic data offers the hope of mitigating privacy risks while still allowing the harnessing of the power of data. Privacy is a contested and much-discussed term. Daniel Solove, one of the foremost privacy scholars, describes it as “a concept in disarray” (Solove [36]) and it is not within our remit to solve this issue.1 To be clear, this paper refers to one particular type of privacy: informational privacy. The paper further constrains the consideration of privacy risks to the risk of disclosure of information about an individual. The disclosure itself is considered a harm without weighing the importance of that disclosure or the downstream harms that might befall the data subjects as a consequence of the disclosure. This is partly to constrain the discussion to what is tractable, but also to focus attention on the problem that synthetic data is trying to solve—the prevention of unwanted disclosures about data subjects. Ensuring that synthetic data is truly privacy-preserving, yet still useful for its intended applications, requires a deep understanding of the trade-offs involved. While synthetic data is inherently less risky than real data, questions remain about the extent to which it can effectively protect privacy and the associated legal and ethical considerations. The growing adoption of synthetic data across industries underscores the need for a clear, standardized framework to evaluate its privacy and utility. Mission statement: The mission of the IEEE Synthetic Data Industry Connection (IC) is to provide a thorough and accessible framework for understanding and evaluating synthetic data, particularly structured synthetic data, used for privacy protection. This white paper aims to equip business users, data professionals, and policymakers with the knowledge and tools needed to assess when a synthetic dataset is sufficiently privacy-safe and anonymous for practical use, while also addressing the broader regulatory and technical challenges associated with synthetic data. KEY QUESTIONS This white paper addresses several critical questions that are central to the effective use of synthetic data: How effective is synthetic data in safeguarding individual privacy, and what metrics can be used to evaluate this effectiveness? What are the current legal and regulatory challenges related to synthetic data, and how can organizations navigate these complexities? How can synthetic data be effectively integrated into enterprise data ecosystems while maintaining compliance with privacy standards? Additionally, what specific privacy risks are associated with synthetic data, particularly in the context of informational privacy and the risk of data disclosure? The primary objective of the paper is to address the practical question that many business users face: How can one determine when a synthetic dataset is sufficiently private to be used with confidence? CONTRIBUTIONS This white paper makes several contributions to the field of structured synthetic data. It provides a comprehensive overview of the current challenges and debates surrounding the privacy implications of synthetic data and highlights the need for standardized privacy metrics. The white paper outlines potential frameworks for evaluating the privacy of synthetic data, enabling business users and data professionals to make informed decisions. It also explores the role of synthetic data as a valuable asset in organizational data catalogs and industry-specific marketplaces, offering insights into its integration across various domains. PAPER OUTLINE The remainder of this paper is structured as follows. Section 2 provides an overview of what synthetic data is, its types, and its uses. Section 3 examines the complex relationship between privacy laws and the generation and use of synthetic data, emphasizing the importance of understanding legal definitions, conducting risk assessments, and ensuring compliance with data protection principles throughout the synthetic data lifecycle. Section 4 explores the various methods and metrics for assessing the privacy and utility of synthetic data, focusing on how to evaluate the risk of reidentification and the effectiveness of privacy-preserving techniques. Section 5 provides a comprehensive guide on governing synthetic data within an enterprise, covering legal considerations, governance processes, and the implementation of technical and organizational measures to ensure compliance and effective management throughout the data lifecycle. Finally, Section 6 concludes the report with open areas of research, the broader adoption within organizations, as well as recommendations for future standardization efforts of synthetic data. 1 Numbers in brackets correspond to the references listed in Section 7.

Dokumentinformasjon

  • Standard fra IEEE_AC
  • Publisert:
  • Versjon: 0
  • Varetype: IS