Data privacy and the changes enterprises need to be ready for [Q&A]
It has been estimated that there are some 43 zetabytes of data stored by enterprises today that are inaccessible and not commercialized due to privacy concerns, operational complexity and regulations.
With the California Consumer Privacy Act (CCPA) becoming fully operational on January 1 2023 and other legislation in place or coming around the world, the need for businesses to find new data accessibility methods that are compliance-friendly is very real.
We spoke to Riddhiman Das, founder and CEO of TripleBlind, to find out more.
BN: What is privacy enhancing computation, and what is its effect on compliance as a whole?
RD: When two or more businesses want to privately share and commercialize sensitive data -- and as we all know, because data is the new oil -- things can get messy, and organizations worldwide are looking to innovation to ease these sensitivities.
An important emerging set of techniques and technologies are known by the umbrella term Privacy-Enhancing Computation (PEC), which at its most basic level keeps data safe -- both while it is static (on a database for instance) and while in transit.
While a diverse assortment of technical approaches are under this PEC tech umbrella, they all share one key objective–achieving data security through privacy-enhanced computation and to enable the secure and compliant processing of artificial intelligence and other forms of data analytics on data sets that contain personally identifiable information. Often this data is stored in multiple locations spread across organizational and national boundaries.
One of the most exciting aspects of PEC is that it enables users to maintain privacy while the data is computed, keeping the data behind a firewall. And take that one step further, there is now technology that keeps the algorithm that is computing on the data as private as the data itself. So, if a user has a proprietary algorithm, they won’t lose their intellectual property while computing the data, and that data remains private. The data owner won’t have to worry about it being lost or stolen and the algorithm provider doesn’t have to worry about someone stealing their proprietary algorithm.
A patchwork of international, federal, and state-level regulations dramatically hinder how data can be used. And while these regulations are necessary to protect sensitive data, compliance with countless rules encourages enterprises to lock data up -- rather than double down on research and analytics. PEC has been able to unlock this data to help organizations stay in compliance yet reap the rewards the data they accessed provides.
BN: Why do organizations need to be aware of the changes to CCPA and what are the steps they should begin to address now, even though we are still months away?
RD: Organizations need to be aware of the changes to the CCPA because collaboration with underutilized datasets and algorithms can lead to unauthorized access to personal data. Under the CPPA, businesses are also required to give notices to consumers to explain their privacy practices. These requirements also apply to data brokers and providers. As new laws are being developed, a business can prepare by ensuring privacy best practices for their industry and compliance with state and federal laws.
BN: What are some of the recent data privacy innovations that have made previous data accessibility methods such as homomorphic encryption, secure enclaves, tokenization and blockchain seem too slow and expensive for today's needs?
RD: Privacy-enhancing computation (PEC) is an emerging field, and it's evolving rapidly. PEC has evolved well past the stage of ‘clunky software experiment’ and has grown into a full-fledged, commercially viable data collaboration option. In recent years, plenty of fast and scalable alternatives have emerged, allowing organizations to leverage their data without all the extra demands on resources. PEC is not only cost effective and faster than current alternatives, it allows organizations to confidently collaborate with data, knowing their usage will comply with regulations.
BN: There are huge amounts of data that are inaccessible and not commercialized due to privacy concerns and/or operational complexity. What are the steps that organizations can take to unlock this data?
RD: If your work includes machine learning or analytics, you're likely facing serious data challenges. When we speak with C-Suite leaders, compliance officers, data scientists, and even with cloud architects, there are three major themes around data that come up most often; data access, data prep and data bias.
Implementing privacy-enhancing computation (PEC) provides robust, sustainable measures to analyze, pool, process or collaborate while data remains one-way encrypted and protected in use without ever being shared. While a diverse assortment of technical approaches are under this umbrella, they all share one key objective. This common goal is achieving data security through privacy-enhanced computation and to enable the secure and compliant processing of artificial intelligence and other forms of data analytics on data sets that contain personally identifiable information. Often this data is stored in multiple locations spread across organizational and national boundaries. The benefits of privacy enhancing computation are applicable to many vertical markets, with the healthcare and financial services sectors leading the overall adoption curve. These sectors have the most immediate and obviously compelling use cases, such as reducing the time and resources necessary to develop new pharmaceuticals or drastically cutting down cases of credit card fraud.
BN: Amid all of the convenience afforded by new tools and technologies, many say privacy has inevitably become collateral damage. Why is this and what can data privacy companies and their users do to change this narrative?
RD: In most industries today, Big Data is redrawing the limits of human knowledge and capability. Unfortunately, highly regulated industries like healthcare have a harder time maximizing these benefits. While HIPAA is paramount to safeguarding patient privacy, regulations prevent researchers from exploring the full potential of their patient data. Embracing the spirit of the growing legal requirements for individual privacy, new privacy enhancing technologies are fundamentally changing the way healthcare organizations can unlock patient data, especially for collaboration.
BN: How can privacy enhancement technology drive the digital economy and digital transformation?
RD: Organizations in industries where data collaboration is important, but data is regulated, must deploy a robust privacy-enhancing technology (PET) solution. However, the benefit of secure data collaboration is more than ensuring regulatory compliance, it often leads to improved revenues, market share, and other positive business outcomes. Privacy-Enhancing Computation can help businesses meet their legal obligations to protect customer data, but PEC also helps businesses get more value from their data by allowing them to share and analyze it without revealing sensitive information about individual customers.
Image credit: tashatuvango/depositphotos.com