Privacy in Responsible AI

Why Privacy Matters

Azure Machine Learning (AML) services enable data‑driven insights while respecting the privacy of individuals and organizations. Implementing privacy best practices ensures compliance with regulations such as GDPR, CCPA, and industry‑specific standards.

Key Privacy Features in AML

  • Data Encryption: At‑rest and in‑transit encryption using Azure Storage Service Encryption and TLS 1.2+.
  • Managed Identity & RBAC: Fine‑grained access control to datasets, compute, and models.
  • Data Masking & Tokenization: Built‑in transformations to de‑identify sensitive fields.
  • Differential Privacy: Noise injection techniques for aggregate analytics.
  • Private Link: Secure private connectivity to AML workspaces.

Implementing Privacy Controls

  1. Secure Workspace Access
    # Example: Assign a Reader role to a user
    az role assignment create \
      --assignee user@example.com \
      --role "Reader" \
      --scope /subscriptions/xxxx/resourceGroups/rg-aml/providers/Microsoft.MachineLearningServices/workspaces/aml-workspace
  2. Enable Encryption

    Encryption is enabled by default. Verify with:

    az ml workspace show -n aml-workspace -g rg-aml --query encryption
  3. Apply Data Masking

    Use the azureml.dataprep library to mask columns:

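    import azureml.dataprep as dprep

    # Load the source file and materialize it as a pandas DataFrame
    df = dprep.read_csv('s3://data/personal.csv').to_pandas_dataframe()
    # Overwrite every value in the 'ssn' column with a fixed mask
    df['ssn'] = 'XXX-XX-XXXX'
    # Write the de-identified copy; the original file is left untouched
    df.to_csv('masked.csv', index=False)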
  4. Configure Private Link

    Follow the guide to create a private endpoint:

    az network private-endpoint create \
      --name aml-pe \
      --resource-group rg-aml \
      --vnet-name vnet-aml \
      --subnet subnet-aml \
      --private-connection-resource-id $(az ml workspace show -n aml-workspace -g rg-aml --query id -o tsv) \
      --group-id workspace
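
The constant mask in step 3 de-identifies the column but also makes records impossible to join; the tokenization named in the feature list keeps joinability. The sketch below is an added example, not code from this page or from Azure ML, and uses only the Python standard library; the function names, sample rows and demo key are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import re

# Constructed sample data; the SSNs are made-up values, not real records.
SAMPLE_CSV = """name,ssn,city
Ana,123-45-6789,Lisbon
Ben,123456789,Oslo
Cy,987-65-4321,Quito
Di,,Perth
"""

def mask_ssn(value):
    """Display mask that keeps only the last four digits."""
    digits = re.sub(r"\D", "", value)
    return f"XXX-XX-{digits[-4:]}" if len(digits) == 9 else ""

def tokenize_ssn(value, key):
    """Deterministic token: equal SSNs give equal tokens, so joins still work.

    A keyed HMAC is used instead of a bare hash because the SSN space
    (10^9 values) is small enough to brute-force an unkeyed digest.
    """
    digits = re.sub(r"\D", "", value)  # normalize 123-45-6789 / 123456789
    if len(digits) != 9:
        return ""  # empty or malformed input never yields a token
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]

def deidentify(csv_text, key, column="ssn"):
    """Replace `column` with a token and add a masked display column."""
    reader = csv.DictReader(io.StringIO(csv_text))
    rows = []
    for row in reader:
        raw = row.pop(column)  # the raw value never reaches the output
        row[f"{column}_token"] = tokenize_ssn(raw, key)
        row[f"{column}_masked"] = mask_ssn(raw)
        rows.append(row)
    return rows

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # assumption: a real key comes from a secret store
    for r in deidentify(SAMPLE_CSV, demo_key):
        print(r)
```

Rotating the key changes every token, so datasets that must stay joinable need to be tokenized under the same key.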
