The business-enabling category of Privacy Enhancing Technologies (PETs) is making its mark as the one of the foundational technologies of the digital transformation era. With data as the backbone of the digital economy, market factors such as the drive to view data as an organizational asset, the need for global data sharing and collaboration, and an ever-increasing demand for privacy have catapulted this family of technologies into the spotlight.
The direct impact that they deliver to business and mission capabilities is the reason they are here to stay. Grouped together for their ability to enable, enhance and preserve the privacy of data throughout its lifecycle, these technologies are powerful and transformational in engineering trust and unlocking data value. As the value of PETs becomes more widely recognized and an increasing number of organizations and providers begin using the term, there remain a variety of questions and misconceptions to address.
Front and centre among items to clarify is the name itself. While there have been a number of proposed labels – privacy-preserving technologies, privacy-enhanced computation, privacy enablers – PETs has surfaced as the category name of choice. This is the designation that US and UK leaders used late last year when they announced an initiative to advance these technologies to “harness the power of data in a manner that protects privacy and intellectual property, enabling cross-border and cross-sector collaboration to solve shared challenges”.
Also, there are misconceptions about which technologies should be included in the category. Clarity on this item centres around how the technologies are used, the role they play in enhancing privacy, and where that impact takes place. As a mathematician by training, to me, the simplest dividing line comes down to computation.
PETs protect Data in Use, which describes data while it is being used or processed via searches or analytics. By this definition, the core pillars of PETs include homomorphic encryption, secure multi-party computation, and trusted execution environments (sometimes called confidential compute). Other approaches, such as synthetic data and data at rest protection mechanisms such as tokenization, are tangential, but do not fit within the category because they do not protect data in use.
To continue building a shared understanding of this increasingly visible, transformational family of technologies, let’s address some common myths and misconceptions about PETs.
Continue reading the full article at Computer Weekly.