This work exposes passive privacy leakage in AI classifiers arising from residual “footprints” of training data—particularly pronounced under class imbalance and distributional shift. We systematically evaluate eight mainstream classifiers to quantify their intrinsic data identifiability for the first time, establishing a vulnerability taxonomy. To mitigate this risk, we propose a data obfuscation framework integrating differential perturbation with adaptive noise injection, enabling joint privacy protection for both training data and the resulting model during training. Empirical evaluation across three benchmark datasets reveals significant footprint leakage in six classifier types. Our method reduces sensitive data identification rates by an average of 62%, while incurring less than 5% accuracy degradation—substantially improving the privacy–utility Pareto frontier.

The avalanche of AI deployment and its security-privacy concerns are two sides of the same coin. Article 17 of GDPR calls for the Right to Erasure; data has to be obliterated from a system to prevent its compromise. Extant research in this aspect focuses on effacing sensitive data attributes. However, several passive modes of data compromise are yet to be recognized and redressed. The embedding of footprints of training data in a prediction model is one such facet; the difference in performance quality in test and training data causes passive identification of data that have trained the model. This research focuses on addressing the vulnerability arising from the data footprints. The three main aspects are -- i] exploring the vulnerabilities of different classifiers (to segregate the vulnerable and the non-vulnerable ones), ii] reducing the vulnerability of vulnerable classifiers (through data obfuscation) to preserve model and data privacy, and iii] exploring the privacy-performance tradeoff to study the usability of the data obfuscation techniques. An empirical study is conducted on three datasets and eight classifiers to explore the above objectives. The results of the initial research identify the vulnerability in classifiers and segregate the vulnerable and non-vulnerable classifiers. The additional experiments on data obfuscation techniques reveal their utility to render data and model privacy and also their capability to chalk out a privacy-performance tradeoff in most scenarios. The results can aid the practitioners with their choice of classifiers in different scenarios and contexts.