This paper addresses the challenge of simultaneously achieving privacy preservation, task utility, and computational efficiency in large language model (LLM) fine-tuning. It systematically investigates the privacy properties of parameter-efficient fine-tuning (PEFT) methods—particularly Low-Rank Adaptation (LoRA)—contrary to the prevailing assumption that differential privacy (DP) is the sole low-risk approach. The study reveals, for the first time, that LoRA inherently suppresses memorization of sensitive tokens, attaining privacy guarantees comparable to DP while incurring only 10–20% of DP’s inference overhead. A fine-grained joint privacy-utility evaluation framework is proposed and empirically validated across diverse LLMs (Pythia, Gemma, Llama) and cross-domain datasets. Results demonstrate that LoRA maintains high task performance while significantly reducing privacy risk—challenging the conventional trade-off paradigm between privacy and efficiency—and establishing a lightweight, trustworthy pathway for LLM adaptation.

We study the inherent trade-offs in minimizing privacy risks and maximizing utility, while maintaining high computational efficiency, when fine-tuning large language models (LLMs). A number of recent works in privacy research have attempted to mitigate privacy risks posed by memorizing fine-tuning data by using differentially private training methods (e.g., DP), albeit at a significantly higher computational cost (inefficiency). In parallel, several works in systems research have focussed on developing (parameter) efficient fine-tuning methods (e.g., LoRA), but few works, if any, investigated whether such efficient methods enhance or diminish privacy risks. In this paper, we investigate this gap and arrive at a surprising conclusion: efficient fine-tuning methods like LoRA mitigate privacy risks similar to private fine-tuning methods like DP. Our empirical finding directly contradicts prevailing wisdom that privacy and efficiency objectives are at odds during fine-tuning. Our finding is established by (a) carefully defining measures of privacy and utility that distinguish between memorizing sensitive and non-sensitive tokens in training and test datasets used in fine-tuning and (b) extensive evaluations using multiple open-source language models from Pythia, Gemma, and Llama families and different domain-specific datasets.