Consider an agency holding a large database of sensitive personal information (perhaps medical records, census survey answers, or web search records). The agency would like to discover and publicly release global characteristics of the data (say, to inform policy and business decisions) while protecting the privacy of individuals' records. This problem is known variously as “statistical disclosure control”, “privacy–preserving data mining” or simply “database privacy”. In this talk, we describe “differential privacy”, a notion which emerged from a recent line of work in theoretical computer science that seeks to formulate and satisfy rigorous definitions of privacy for such statistical databases. We also sketch some basic techniques for achieving differential privacy.