In personalized federated learning (PFL), the iterative federated clustering algorithm (IFCA) exacerbates membership inference attack (MIA) risks due to fine-grained client clustering—particularly threatening privacy of underrepresented, low-sample-size groups. This work is the first to embed MIA risk assessment directly into the federated clustering process, proposing a dual-objective (performance and privacy) dynamic cluster selection mechanism. Methodologically, we enhance IFCA by integrating differential-privacy-inspired risk quantification, client-level MIA vulnerability scoring, and an adaptive cluster assignment strategy. Experiments across multiple non-IID benchmark datasets demonstrate that our approach reduces average MIA success rates by 38% while preserving model accuracy and group fairness comparable to vanilla IFCA. The core contribution lies in privacy-aware co-optimization during clustering—simultaneously achieving high personalization performance and fine-grained, client-specific privacy guarantees.

Federated Learning (FL) has emerged as a promising paradigm for collaborative model training without the need to share clients' personal data, thereby preserving privacy. However, the non-IID nature of the clients' data introduces major challenges for FL, highlighting the importance of personalized federated learning (PFL) methods. In PFL, models are trained to cater to specific feature distributions present in the population data. A notable method for PFL is the Iterative Federated Clustering Algorithm (IFCA), which mitigates the concerns associated with the non-IID-ness by grouping clients with similar data distributions. While it has been shown that IFCA enhances both accuracy and fairness, its strategy of dividing the population into smaller clusters increases vulnerability to Membership Inference Attacks (MIA), particularly among minorities with limited training samples. In this paper, we introduce IFCA-MIR, an improved version of IFCA that integrates MIA risk assessment into the clustering process. Allowing clients to select clusters based on both model performance and MIA vulnerability, IFCA-MIR achieves an improved performance with respect to accuracy, fairness, and privacy. We demonstrate that IFCA-MIR significantly reduces MIA risk while maintaining comparable model accuracy and fairness as the original IFCA.