An important problem in database management is to protect the privacy of
the individual contributors, while allowing access to the aggregate
information contained in the database. There are two approaches to
addressing this problem: in the interactive approach, a trusted authority
controls access to the database and monitors its privacy, while in the
non-interactive approach, a modified (sanitized) version of the database
is made publicly available. While the former approach has received much
attention recently, there is little theoretical work on the latter. I will
present a theoretical framework for describing and comparing the privacy
and utility offered by non-interactive approaches to privacy. I will
describe some techniques for achieving good privacy under this framework
and also discuss the limitations of the non-interactive approach.