The next frontier for data privacy is fast approaching: according to analyst firm Gartner, by 2025 50% of large organizations will be looking to adopt privacy-enhancing computation (PEC) for processing data in untrusted environments and for multiparty data analytics. PEC is a cross-industry advance that will cause existing data privacy models and techniques to be radically disrupted, as it offers a new approach to protecting and sharing data across parties without actually revealing that data to anyone.
The appeal of data sharing is clear: sharing data across parties holds the key to unlocking greater analytics and insights, as well as identifying risks and detecting fraud. But if this is the case, why aren’t companies sharing data more freely? The answer is this: they are concerned about the data privacy and security risks that could come from doing so.
Fortunately, the solutions to these concerns are now at hand, with the introduction of Confidential Computing and other privacy-enhancing techniques that put firms in complete control over how their data will be used. To discuss the potential of these new privacy-enhancing technologies, R3’s Chief Technology Officer Richard Gendal Brown recently hosted a webinar where he was joined by two world-leading experts in the field: Michael Klein, Managing Director for Blockchain and Multiparty Systems Architecture at Accenture, and Paul O'Neill, Senior Director of Strategic Business Development at Intel.
Setting the scene, Richard mapped out the discussion in three stages: first, by scoping out the business problems around privacy that traditional technology can't solve; second, by looking at some of the new technological approaches such as PEC that can solve these problems; and third, by examining how these technologies can actually be applied. According to Richard, “this isn't a future-looking phenomenon. This is a collection of technologies that can be applied right now.”
So, what exactly is the business problem? Paul O'Neill of Intel said that looking across different industries – especially highly-regulated sectors such as healthcare and finance – the biggest challenge has been the rise of “incentivized collaboration.”
“Imagine you’re a hospital administrator, and you're going to submit sensitive patient data and healthcare records to a research firm that’s going to perform a clinical trial with the patient's consent,” Paul explained. “You desperately want to advance medical science. But as an enterprise, you're worried. What happens if a rogue employee at the research firm steals that data? What if the research firm is using your patient’s data in a way that they didn't agree to? To anybody involved in privacy, that's really, really scary.”
What’s needed is a way for firms to know that their data remains protected at all times in a way that a third party cannot observe or even copy it – which is what technologies like Confidential Computing enable. However, these technologies are perceived as complex, and a recurrent theme during the debate was how to cut through this complexity to get to the core business issues. Accenture’s Michael Klein commented: “There are many techniques to encrypt data in use. Some are completely software-based, while some are hardware-based. And we can talk [to clients] about who they are actually trusting. Are they trusting the creator of the software or the creator of the hardware? And then, what are the features that the technique enables, and how ready is it to scale? I think those questions are probably the two biggest things that we encounter as we introduce our privacy-preserving functions or computations: helping our clients to understand that these are all valid techniques, and then choose the one that's going to best fit their scenario and also scale to meet their needs.”
There isn’t room in this short blog to go into the full richness of the debate. To experience it, click here to watch the webinar recording in-full.
Want to learn more?
Here are some helpful resources to learn more about PEC, Confidential Computing and Conclave.