ISACA Primer on Privacy Enhancing Technologies Explores the Evolving Landscape, Guides Through Decision-Making Process

Author: ISACA
Date Published: 13 August 2024

Schaumburg, IL, USA - According to recent research from Cisco, 76 percent of consumers have discontinued using products and buying from organizations they do not trust with their data. Expectations of consumer privacy, combined with evolving regulations, growth in the use of machine learning systems, and an increasing focus on ethical data use have paved the way for greater use of privacy enhancing technologies (PETs), as explored in ISACA’s new white paper, Exploring Practical Considerations and Applications for Privacy Enhancing Technologies.

The paper defines PETs and their classification and categorizes common types, including:

  • Trusted Execution Environment (TEE): A dedicated area on a computer processor that is separated and secured from the operating system (OS), and stores data and runs code within its secured area
  • Homomorphic Encryption (HE): A cryptographic technique that computes directly on encrypted data
  • Secure Multi-Party Computation (SMPC): Allows multiple parties to analyze their combined data without revealing the contents of the data to each other using a cryptographic technique called “secret sharing”
  • Federated Learning (FL): An architectural PET that allows multiple parties to train models on their data
  • Differential Privacy (DP): A mathematical framework for ensuring the privacy of individuals in datasets
  • Synthetic Data: Transforms a sensitive dataset into a new dataset with similar statistical properties without revealing information on individuals from the original dataset

“There are benefits and downsides to each type of PET, and a range of reasons why one may better suit a specific organization or use case,” says Denitza Varbanova, senior manager, global privacy governance at SurveyMonkey, and member of the ISACA Emerging Trends Working Group. “Privacy professionals can take measured steps to effectively review their options and decide the best PET or combination of PETs that will help them meet their privacy goals.”

Exploring Practical Considerations and Applications for Privacy Enhancing Technologies provides regulatory perspectives on PETs and real-world case studies that examine how PETs can be business enablers, and outlines steps for organizations to take when considering which PET to use:

  1. Perform a data protection impact assessment (DPIA)
  2. Develop the business case
  3. Review the data governance maturity
  4. Build the evaluation criteria
  5. Decide between single PETs and combined PETs

The paper also discusses the complexity involved in how PETs fit within the regulatory space and in how they can be leveraged for privacy by design and other privacy principles, such as the Organisation for Economic Co-operation and Development (OECD) privacy principles. However, it notes that given the wide range of PETs and the lack of standards and guidance around them, each needs to be evaluated for compliance with regulations on a case-by-case basis.

“PETs have a great deal of potential for organizations in driving forward privacy by design, regulatory compliance, and ethical data use,” said Safia Kazi, ISACA Principal, Privacy Professional Practices. “However, they also come with uncertainties and have not reached widespread adoption, so privacy professionals should continue to monitor this space.”

Exploring Practical Considerations and Applications for Privacy Enhancing Technologies is free and can be accessed at www.isaca.org/resources/white-papers/2024/exploring-practical-considerations-and-applications-for-privacy-enhancing-technologies.

About ISACA

ISACA® (www.isaca.org) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its 180,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through the ISACA Foundation, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Media Contacts

communications@isaca.org
Emily Ayala, +1.847.660.5512
Bridget Drufke, +1.847.660.5554