SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Privacy-preserving analytics platforms are poised to tackle the data dilemma

Thu, 30th Jan 2020
FYI, this story is more than a year old

Do yourself a favour. It only takes about a minute. Enter Have I Been Pwned? (HIBP) into any browser and enter your personal email. In about one second, you'll get the results – and this may turn out to be the best second you've ever spent. HIBP – a free resource created by a Microsoft director – tells you how, when and where your personal data was hacked, exposed, or compromised in any other number of nefarious ways. I asked a colleague to do this for her personal email and passwords and they showed up in 15 data breaches. Among others, she was one of 164 million LinkedIn users who had their emails and passwords exposed in 2016.

Data is big business. On the wrong side of the law, there are legions of hackers and bad actors looking to exploit your data, all, ultimately, for the same goal – to rob you. On the right side of the law, myriad data brokers and enrichment companies are emerging, using legitimate channels and methods to enhance the marketing and business development strategies created by organisations. These activities, flourishing off the back of the astonishing growth in data generation – data volume is doubling every two years* - are key motivations behind a raft of new laws around the world designed to protect the privacy of consumers.

There's another side to this scenario. Companies are increasingly pinning their hopes on data strategies for growth. Consumer data is the new gold, the new oil, and without it, C-suite executives everywhere know they'll fall behind in the race for market share, sustainable returns and customer loyalty. However, the speed at which this industry is growing and changing leaves many executive teams grappling with how best to use their consumer data, safely and ethically. This becomes particularly challenging when the pot of gold at the end of the rainbow relies on collaborating with other organisations and combining data sets to uncover insights to assist and inform business strategy.

In 2020, data capture, storage and use will become even harder. Any organisation that touches consumers in the EU is already getting to grips with General Data Protection Regulation. GDPR's maximum fine is up to 4% of annual global turnover or €20 million (depending on which is greater) for any organisation that infringes its requirements.

In Australia, the new Consumer Data Right starts rolling out early next year with the introduction of open banking, which will ensure consumers retain ownership of their data. In addition, 2020 is also likely to see the enactment of the Data Sharing and Release legislation.

A recent discussion paper on this proposed law has removed a critical element, being the need for individuals to provide consent for parties to share their personal information. The onus is on "data custodians and accredited users" (in other words, organisations collecting and using the data) to "safely and respectfully share personal information where reasonably required for a legitimate objective…".

While companies now have more options to use their consumers' data, they'll also face greater risks.  Given the ubiquity of data breaches combined with the difficulty experienced by organisations across the board in keeping data safe and respecting the privacy of the customers, this will only add to the already significant compliance and security burden on leaders.  Executives are understandably already worried. Global cybercrime is expected to cost US$6 trillion annually by 2021, a staggering figure that tops the financial impact of natural disasters.

The obvious question that emerges is whether any of this can be avoided. And the comforting answer is yes, it can. Using data analytics ethically and responsibly to secure legitimate business objectives and without falling foul of evolving legislation is now possible. The technology – once the preserve of academia – is homomorphic encryption, which simply means that an organisation can analyse encrypted data without having to decipher it first.

Companies looking to co-market can jointly perform analytics and share insights on confidential, sensitive or personal datasets without ever unlocking, identifying or losing control of the data. At IXUP we believe that privacy-preserving platforms will be a gamechanger in data analytics in 2020 and beyond.

Our view is validated by some of the world's largest technology companies investing in advancing homomorphic encryption.  Microsoft Research has developed SEAL, a homomorphic encryption technology used by IXUP.

Companies can use SEAL on the IXUP platforms to perform data analytics on information while it's still encrypted, and - just as important -the owner of the data never has to share their encryption key with anyone else.  Personal information remains private and protected.

Google also recently unveiled its open source cryptographic tool, Private Join and Compute, to analyse data in its encrypted form, with visibility of just the insights derived from the analysis, and not the underlying data itself.  So, while the regulatory environment is becoming more complex, and the risks of managing and using data rising, an elegant solution is at hand. Data analytics enabled by homomorphic encryption will pave the way for companies to generate the business-positive insights they're after. It'll also preserve their most important resource – their customers - by guaranteeing that their privacy remains sacrosanct.

*If you want to understand just how much data is being created, the latest estimates put it at 175 zettabytes by 2025. To visualise this, David Reinsel, senior vice president at global research firm IDC explained that this amount of information would require a stack of 1.2mm thick BluRay discs that would stretch from Earth to the Moon – 23 times.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X