In the last few years the UK’s Royal Society has produced a series of reports looking at how to both take advantage of the promise of the data age, whilst also thinking about how to mitigate new risks that come alongside these opportunities.
This includes ‘Progress and research in cybersecurity’ (2016), ‘Machine learning’ (2017), ‘Data management and use’ (2017) and its latest report, published this week ‘Protecting privacy in Practice, the current use development and limits of Privacy Enhancing Technologies in data analysis‘. This report on Privacy Enhancing Technologies (PETs) came out of the requirements and opportunities identified in the previous reports, and looks at five PETs in detail, which it defines as:
- ‘Trusted Execution Environment (TEE): isolated part of secure processors that allow the isolation of secret code from the rest of the software that is running on a system in order to achieve confidentiality of the data. Trusted execution environments are also known as secure enclaves.’
- ‘Homomorphic encryption (HE): a property that some encryption schemes have, so that it is possible to compute on encrypted data without deciphering it.’
- ‘Secure Multi-Party Computation (SMPC or MPC): a subfield of cryptography concerned with enabling private distributed computations. MPC protocols allow computation or analysis on combined data without the different parties revealing their own private input.’
- ‘Differential privacy: security definition which means that, when a statistic is released, it should not give much more information about a particular individual than if that individual had not been included in the dataset. The differential privacy definition allows one to reason about how much privacy is lost over multiple queries (see privacy budget).’
- ‘Personal Data Store (PDS): systems that provide the individual with access and control over data about them, so that they can decide what information they want to share and with whom.’
As the report mentions, at Privitar we are already utilising a partially homomorphic encryption scheme in our SecureLink solution, as used by NHS Digital. As the field continues to change rapidly, we will continue to invest in research and development to ensure our clients have access to the latest and most advanced technologies.
However, one challenge for organisations looking to use PETs is the lack of clear guidance on what technologies are currently available, what they can and cannot do, and how they should be used.
This report is an excellent step in providing greater clarity on some particularly promising technologies, but, as the report recommends, further work is needed. The report itself touches on this in some of its seven recommendations:
- Accelerate the research and development of PETs
- Promote the development of an innovation ecosystem
- Drive the development and adoption of PETs.
- Support organisations to become intelligent users of PETs.
- Give public sector organisations the level of expertise and assurance they need to implement new technological applications, enable a centralised approach to due diligence, and assure quality across the board.
- Create the skilled workforce needed to develop and implement PETs.
- Promote human flourishing by exploring innovative ways of governing data and its use that are enabled by PETs.
At Privitar we utilise the most promising advances in the privacy engineering to deliver solutions for organisations innovating with data whilst maintaining the highest standards of protection for privacy.
If you’re interested in finding out more, next Thursday, 4th April at In:Confidence, Privitar policy Lead Guy Cohen will be interviewing Natasha McCarthy, Head of Policy for Data at the Royal Society to discuss what the latest policy recommendations mean for your business ‘ both now and in the future.