"The family of technologies known as Privacy Enhancing Technologies, or PETs, has recently been attracting a lot of attention. In December, the UK and US announced a joint initiative aimed at advancing the PETs “to help mature and facilitate adoption of these promising technologies”. Last month, the UN joined in, launching a PETs Lab pilot focused on utilizing PETs to advance the security of international data sharing. These efforts echo the findings of industry analysts such as Gartner, who have identified these privacy-protection techniques as a Top Strategic Technology Trend for 2022.
While attention from such notable groups certainly raises visibility, the impact of PETs will ultimately be measured by the value delivered. Technology leaders may appreciate learning about innovation for the sake of advancing their own knowledge, but they will only invest time and resources in capabilities that solve real business problems. This requires use cases and applications that are practical, scalable, and ready to implement. And although many technologies in the PETs categories, such as secure multiparty computation, homomorphic encryption and differential privacy, have long been favorites among the academic and research communities, breakthroughs in recent years have moved the category from ‘theoretical, but promising’ to ‘business-ready’ — and it’s time for business and technology leaders to take notice.
The core value of PETs is in their ability to protect data while it’s being used or processed, delivering business-enabling capabilities that can shift the data usage paradigm. They do not replace, but rather complement, long-established measures of protecting data while at rest on the file system and in transit as it moves through the network. They enable and enhance privacy by ensuring data is protected throughout its lifecycle. Today we’ll look at three practical use cases across three distinct industries where PETs are uniquely adding value today.
Data is the backbone of the digital economy and unfortunately, that data is rarely located in one convenient, secure location. Organizations need to be able to tap into multiple data holdings, and that often means accessing data across trust boundaries or jurisdictional barriers. Take, for example, a global financial institution that operates in countries around the world, many of which have very different privacy regulations. Despite the fact that it is held by the entity, data is subject to the regulatory requirements of the region or country it’s in, which often prevents these banks from efficiently obtaining a global operating picture. A branch in one country could be watching suspicious customer transactions without realizing that the same customer is also being actively monitored by a branch in another jurisdictions. By leveraging PETs, these banks can perform encrypted searches containing customer watchlists over their global footprint to gain insights in near real time while ensuring personal customer information is never exposed outside its original jurisdiction. The bank can use this new information to make better informed decisions and pursue additional investigations as required.
There are numerous benefits of sharing data within trusted communities such as industry consortiums or public-private partnerships. However, these data sharing agreements can only advance as long as the interests of the contributing entities can be protected. Any requirement that parties pool or centralize all of their data is typically a nonstarter — no one wants to give up ownership or control of their own assets, even if they are likely to benefit from the collective outcomes. PETs enable trusted, decentralized collaboration, allowing contributors to provide auditable and secure usage of certain parts of their data while it remains in their trusted environment. Entities can securely cross-match or analyze disparate data holdings and extract value without fear of exposing sensitive information. Or, they can make data available for use by government or other public sector groups with the potential to benefit the industry more broadly. For example, individual pharmaceutical companies could contribute to research efforts around a specific disease without risk of exposing sensitive patient information or IP.
Looking beyond your own walls to access and leverage data you don’t own or control is increasingly necessary for business leaders as collecting, managing, and maintaining large first-party data holdings is expensive and risky. And while new data sources can add substantial value, they can also increase risk by exposing your organizational interest in the data which can compromise IP or competitive advantage. Replicating the data in your own environment is rarely practical or possible, leaving decision markers to choose between risk and value. As an example of how this plays out in the real world, think of investors who use third-party databases as part of their due diligence processes to obtain information about a company they want to acquire. In this case, exposing their specific interest in the data to any other party, including the data owner, has the potential to compromise the deal. By protecting the operation (think search or analytic), PETs preserve the interests of the potential investor while also expanding usability for the data owner since such protections can help overcome legal or risk objections."
Read the full article at Information Age.