What are privacy-enhancing technologies and how do they work?

Privacy-enhancing technologies (PETs) are a range of technologies (hardware or software) designed to enhance data privacy by minimising the amount of personally identifiable information (PII) that is collected, processed, or shared. 

PETs are designed to give individuals greater control over their data while enabling organisations to comply with privacy regulations and reduce the impact of data breaches.

They can be applied in AI modelling, cross-border data transfers, and data analytics to help strengthen security and minimise the impact of a breach while respecting individual privacy. In other words, data protection without exposing the actual data, such as personal health information, financial data, or other confidential information, from unauthorised access or disclosure.

Why do we need them?
 

PETs help to ensure compliance with privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), build trust with customers, protect against the harmful effects of data breaches, and provide competitive advantage. By implementing PETs, companies can enhance their data privacy practices and better protect the personal information of their customers and employees.
 

• Compliance: Many privacy regulations, such as GDPR and CCPA, require organisations to implement specific privacy measures to protect personal data. PETs can help organisations to comply with these regulations and avoid penalties for non-compliance. In Europe, for example, data protection authorities have issued nearly €1.1 billion in GDPR fines since 28 January 2021, according to DLA Piper’s GDPR fines and data breach survey. Luxembourg, Ireland, Italy and Germany are on top of the list. 

• Trust & Reputation: By implementing PETs, organisations can demonstrate their commitment to data privacy and build customer trust. This can be particularly important in industries where privacy is critical, such as healthcare, finance, and insurance. If we switch the conversation to brand reputation and value, the harm is also massive and, sometimes, irreversible. It’s not unusual to witness all sorts of organisations losing billions in market value after a data incident. One of the most significant examples is when Meta suddenly shed $35 billion in value after the Cambridge Analytica leak.

• Risk management: PETs can help organisations reduce the risk of data breaches and other security incidents by minimising the amount of sensitive data stored, processed, or shared. This can help protect the organisation and its customers from the negative consequences of a data breach. Responsible data management also ensures the confidence of customers, employees, business partners and investors.

• Competitive advantage: With the world largely discussing new privacy policies in companies such as Apple and Google that plans to discontinue third-party cookies in Chrome soon, consumers are more aware of data privacy issues. Organisations that are seen as being more privacy-conscious may have a competitive advantage over those that are not. Implementing PETs can help companies to differentiate themselves and stand out in a crowded marketplace.

PETs and their applications

Historically, adopting encryption techniques used to be highly complex due to degraded performance and intermediaries having to be installed, code to be changed, etc. However, new PET approaches and leading cryptographic solutions have solved the performance versus security trade-off. With the right solution, businesses no longer need to choose whether they want to be safe/compliant or highly functional. 

A Gartner report stated that by 2025, 60% of large organisations will adopt PETs for processing data in untrusted environments and (multi-party) data analytics use cases. They can be applied in AI modelling, cross-border data transfers, and data analytics to help security and risk stakeholders manage constraints while respecting individual privacy.
 

Read also: Three cases for privacy-enhancing technologies and their relevance

One of the latest discussions on PETs is around how TikTok plans to incorporate them to protect European user data amid regulatory scepticism. The company plans to include “pseudonymisation of personal data” so that members cannot be identified without additional information.  

Encryption & Real life applications 

One of the best ways and the essential basic layer to protect data altogether includes encrypting it. When we turn plain text into something incomprehensible with an encryption key to scramble and unscramble data, we protect sensitive data from exposure, even in the case of a leak. However, traditional encryption methods do not offer this functionality, only Data-In-Use Encryption maintains data fully encrypted even during processing.

With this type of encryption, you hide information and prevent third parties who do not have access to the decryption key from accessing it. At Vaultree, you’re fully in charge of your key management strategy, and we integrate with several key management systems, such as Hashicorp and Yubikey. Besides that, we partnered with Qrypt pairing our technology with their generation of identical symmetric keys at multiple endpoints and quantum-secure future-safe one-time pad encryption.

In its encrypted form, data is unintelligible and, therefore, useless to cybercriminals. 

“If someone gets your sensitive data, what they get is gibberish. No matter how your sensitive data gets out, whatever data it is, it is always encrypted. If someone tries to gain access, it is always encrypted. The data is not readable”, our co-founder and CEO Ryan Lasmaili told the Business Post. 

Encryption model for the Finance Industry

The finance industry continues to suffer unrelenting cyberattacks, which deteriorated even more since the COVID-19 pandemic, with some of the largest financial institutions falling victim, causing high costs and disruption. 

Fines and reputational damage make cybersecurity stakes higher for financial institutions. Moreover, full US FTC compliance for NPI data is challenging to achieve with disparate teams working remotely on scattered infrastructure and networks. Security teams must evidence data’s documented protection measures from end to end and eliminate vulnerabilities. Financial institutions benefit from adopting Vaultree’s Fully Functional Data-In-Use Encryption in many different ways: 

• Use clients’ NPI easily
• Remain US FTC compliant
• Work faster with fully encrypted data 
• Analyse data fully secure
• Reduce costs
   

Encryption model for the Healthcare Industry

The average healthcare data breach cost increased by nearly $1 million to reach $10.10 million in 2022 according to the latest Cost of a Data Breach Report by IBM.

In one of the most sensitive industries, where data needs to be protected at all costs, the consequences of a data leak are, sometimes, a matter of life and death.

Healthcare organisations highly benefit from keeping fully encrypted data in all its states: 

• Provide end-to-end security for ePHI to prevent unauthorised access 
• Remain HIPAA compliant and lead to the very best outcomes for patient care
• Speed up and ease a safe workflow between staff and insurance providers
• Enable healthcare specialists in many different areas to collaborate seamlessly using a software where data is protected all the time  
   

There are many different types of PETs designed to solve specific business problems. Innovative encryption technologies will globally gain traction as mega data breaches persist and become more sophisticated and aggressive. PETs, including Fully Functional Data-In-Use Encryption, are essential tools for data privacy, business reputation and financial sustainability in a market saturated by ineffective technologies and tools.

Find out how Vaultree is revolutionising data privacy for organisations.