English

Class Clown: Data Redaction in Machine Unlearning at Enterprise Scale

Cryptography and Security 2020-12-10 v1

Abstract

Individuals are gaining more control of their personal data through recent data privacy laws such the General Data Protection Regulation and the California Consumer Privacy Act. One aspect of these laws is the ability to request a business to delete private information, the so called "right to be forgotten" or "right to erasure". These laws have serious financial implications for companies and organizations that train large, highly accurate deep neural networks (DNNs) using these valuable consumer data sets. However, a received redaction request poses complex technical challenges on how to comply with the law while fulfilling core business operations. We introduce a DNN model lifecycle maintenance process that establishes how to handle specific data redaction requests and minimize the need to completely retrain the model. Our process is based upon the membership inference attack as a compliance tool for every point in the training set. These attack models quantify the privacy risk of all training data points and form the basis of follow-on data redaction from an accurate deployed model; excision is implemented through incorrect label assignment within incremental model updates.

Keywords

Cite

@article{arxiv.2012.04699,
  title  = {Class Clown: Data Redaction in Machine Unlearning at Enterprise Scale},
  author = {Daniel L. Felps and Amelia D. Schwickerath and Joyce D. Williams and Trung N. Vuong and Alan Briggs and Matthew Hunt and Evan Sakmar and David D. Saranchak and Tyler Shumaker},
  journal= {arXiv preprint arXiv:2012.04699},
  year   = {2020}
}

Comments

8 pages, 7 figures

R2 v1 2026-06-23T20:49:40.841Z