Ellison Anne Williams, CEO and founder of Enveil, identifies three use cases for Privacy Enhancing Technologies that are transforming data usage for organisations
The family of technologies known as Privacy Enhancing Technologies, or PETs, has recently been attracting a lot of attention. In December, the UK and US announced a joint initiative aimed at advancing the PETs “to help mature and facilitate adoption of these promising technologies”. Last month, the UN joined in, launching a PETs Lab pilot focused on utilising PETs to advance the security of international data sharing. These efforts echo the findings of industry analysts such as Gartner, who have identified these privacy-protection techniques as a Top Strategic Technology Trend for 2022.
While attention from such notable groups certainly raises visibility, the impact of PETs will ultimately be measured by the value delivered. Technology leaders may appreciate learning about innovation for the sake of advancing their own knowledge, but they will only invest time and resources in capabilities that solve real business problems. This requires use cases and applications that are practical, scalable, and ready to implement. And although many technologies in the PETs categories, such as secure multiparty computation, homomorphic encryption and differential privacy, have long been favorites among the academic and research communities, breakthroughs in recent years have moved the category from ‘theoretical, but promising’ to ‘business-ready’ — and it’s time for business and technology leaders to take notice.
The core value of PETs is in their ability to protect data while it’s being used or processed, delivering business-enabling capabilities that can shift the data usage paradigm. They do not replace, but rather complement, long-established measures of protecting data while at rest on the file system and in transit as it moves through the network. They enable and enhance privacy by ensuring data is protected throughout its lifecycle. Today we’ll look at three practical use cases across three distinct industries where PETs are uniquely adding value today.
Data Privacy Day 2022: keeping data secure in the organisation
Cross-boundary data sharing
Data is the backbone of the digital economy and unfortunately, that data is rarely located in one convenient, secure location. Organisations need to be able to tap into multiple data holdings, and that often means accessing data across trust boundaries or jurisdictional barriers. Take, for example, a global financial institution that operates in countries around the world, many of which have very different privacy regulations. Despite the fact that it is held by the entity, data is subject to the regulatory requirements of the region or country it’s in, which often prevents these banks from efficiently obtaining a global operating picture. A branch in one country could be watching suspicious customer transactions without realising that the same customer is also being actively monitored by a branch in another jurisdictions. By leveraging PETs, these banks can perform encrypted searches containing customer watchlists over their global footprint to gain insights in near real time while ensuring personal customer information is never exposed outside its original jurisdiction. The bank can use this new information to make better informed decisions and pursue additional investigations as required.
Inter-organisational collaboration
There are numerous benefits of sharing data within trusted communities such as industry consortiums or public-private partnerships. However, these data sharing agreements can only advance as long as the interests of the contributing entities can be protected. Any requirement that parties pool or centralise all of their data is typically a nonstarter — no one wants to give up ownership or control of their own assets, even if they are likely to benefit from the collective outcomes. PETs enable trusted, decentralised collaboration, allowing contributors to provide auditable and secure usage of certain parts of their data while it remains in their trusted environment. Entities can securely cross-match or analyse disparate data holdings and extract value without fear of exposing sensitive information. Or, they can make data available for use by government or other public sector groups with the potential to benefit the industry more broadly. For example, individual pharmaceutical companies could contribute to research efforts around a specific disease without risk of exposing sensitive patient information or IP.
Blockchain technology applications in healthcare
Third-party data usage
Looking beyond your own walls to access and leverage data you don’t own or control is increasingly necessary for business leaders as collecting, managing, and maintaining large first-party data holdings is expensive and risky. And while new data sources can add substantial value, they can also increase risk by exposing your organisational interest in the data which can compromise IP or competitive advantage. Replicating the data in your own environment is rarely practical or possible, leaving decision markers to choose between risk and value. As an example of how this plays out in the real world, think of investors who use third-party databases as part of their due diligence processes to obtain information about a company they want to acquire. In this case, exposing their specific interest in the data to any other party, including the data owner, has the potential to compromise the deal. By protecting the operation (think search or analytic), PETs preserve the interests of the potential investor while also expanding usability for the data owner since such protections can help overcome legal or risk objections.
As a category, Privacy Enhancing Technologies have the potential to change how and where organisations leverage data — a fact that is already being confirmed through operational deployments for use cases in financial services, government, healthcare, and a number of other industries today. Market factors and an ever-expanding regulatory landscape demand that data protection and privacy play a central role in strategic decisions, and business and technology leaders feel that pressure. PETs are business-enabling; they allow organisations to prioritise privacy while still getting the job done. And that is ultimately why these technologies have broken through the label of ‘cool tech’, and are truly transforming the way we extract value from data.