Prioritizing Data Privacy for Enterprises in 2020
As the dawn of a new decade approaches, QEDIT CEO Jonathan Rouach gives his thoughts on the status of the data privacy landscape, and what we can expect in 2020.
What do you envision as the major threats to enterprise data privacy in 2020?
With 2020 right around the corner, the biggest concern facing enterprises from a data privacy perspective is that they will be increasingly compelled to share confidential business and user information with third parties in order to jointly analyze data, increase efficiency, generate new revenue streams and remain competitive. However, existing methods used to ensure the privacy of ‘data at rest’ and ‘data in transit’ do not adequately address the types of risks that arise when data is used by a third party.
How can this be achieved?
Businesses are beginning to realize that they need privacy-enhancing tools to solve problems associated with ‘data in use.’ There are informal solutions which involve trusting third parties or using a legal framework to protect data, but we know these don’t work and the Cambridge Analytica scandal is evidence of that. Companies have a profound responsibility to use their data wisely, and they can achieve this by leveraging the latest innovations in privacy-enhancing technology.
The best approach is never to share copies of private data with third parties. In practice, however, this is not realistic. Advanced privacy-enhancing techniques such as Zero-Knowledge Proof cryptography (ZKP) provides an ideal solution in that it can be used to harness value from data, without sharing the data itself. These privacy-enhancing tools have been recognized by the World Economic Forum, and underscore our selection as one of the World Economic Forum’s Technology Pioneers of 2019, in the field of data privacy.
Is privacy-enhancing technology evolving quickly enough to keep up with tightening constraints on businesses from a regulatory perspective?
Actually, privacy-enhancing tools such as ZKPs, homomorphic encryption, and multi-party computation have evolved a lot over the past years. In addition to being more practical to use, they are already able to help enterprises alleviate the compliance challenges they increasingly face. They’re not a silver bullet for everything, but these field-proven techniques can currently provide a way for companies to leverage their data and achieve mutual business aims, without violating data privacy regulations. Ongoing efforts to standardize these tools and make them available for commercial products will facilitate greater accessibility to enterprises.
How can companies operating in a DLT environment ensure the privacy of transactional data is protected?
This is a systematic problem for companies using DLT as they are the most exposed to this data privacy dilemma. As the basic protocol at the heart of DLT (consensus protocol) relies on sending data between participants, DLT-powered companies feel the problem of privacy more acutely.
QEDIT has been in this space for a couple of years, and we have witnessed the groundswell of momentum behind ZKP cryptography, especially as DLT operators come to terms with privacy requirements. It is now widely accepted that ZKPs are the preferred solution for moving from totally transparent DLTs to privacy-preserving ones. This year alone, we have seen many deployments that have elevated the status of ZKPs at enterprise level.
What has 2019 taught you about data privacy? What have been the recurring trends you have seen?
The impact of GDPR has been significant. There are companies that have moved from having a normal cadence of collaboration with other companies, to being completely in the dark because they can’t ask about or send private data. A wide category of processes have been disrupted by the arrival of GDPR, and this disruption cannot be resolved without additional tools.
Another recurring theme I’ve noted is as companies adopt enterprise blockchain use cases, they discover late in the game that the first iteration of the protocols they put in place don’t address the issue of data confidentiality. Companies have begun to understand the pitfalls associated with sharing data with competitors in a decentralized environment.
The bottom line is this: enterprise blockchain has become real enough for enterprises to be putting real data in these systems. Now they are, as we expected, asking questions about confidentiality from a risk perspective and not just a theoretical one.
