You and Your Company’s Data: Is it Private?


Public privacy is a global issue we face today. This week, we also compare privacy awareness in the UK and the US. Finally, as Chief Privacy Officers become more common in the government sector, privacy-enhancing technologies (PETs) are on the rise too.

We need a global right to privacy in public spaces

Nowadays, digital surveillance combined with A.I. has become more and more invasive. 

Fortunately, in-person surveillance is neither time-efficient nor cost-effective. However, our phones alone provide companies with plenty of data, whether it is tracking our movements, our searches, or our calls and texts. What’s worse, as facial recognition software develops, it will only become easier to follow our every move.

Additionally, A.I. has made public surveillance far more invasive, in particular by enabling recognition as we walk the streets.

Unfortunately, China is looking to harness this personal data for social control and behavioral engineering, hoping to punish people for bad behavior and reward them for good behavior.

China is not alone: other countries are developing data-harnessing technologies and selling them to government bodies seeking more control over their people.

Two major courses of action follow from this: we need stronger controls on the production and sale of these tools, and we need to define the right to privacy in public settings.

How employees and their organizations are prioritizing data privacy

It is now clear that the UK is doing much better than the US in terms of data privacy, whether it is a deeper understanding of the laws or better training opportunities.

A survey conducted in both the US and the UK examined employees’ knowledge of their organizations’ current stance on privacy regulations. It found that about 60% of employees in both countries handle sensitive information every day. The results also showed that while only 17% of UK respondents were unaware of privacy laws, a stunning 52% of US respondents were unaware of the privacy laws dictating how their companies manage sensitive data.

Surprisingly, one year after the implementation of GDPR, 84% of UK employees feel they understand their professional data compliance obligations, and half agree that their information is safer now under GDPR.

As we all know, privacy is a booming concern in our world. Thus, it is beneficial to us all to get up to speed with all the laws and compliance methods related to privacy regulations.

Privacy enhancing technology for data analysis

More and more government agencies are appointing Chief Privacy Officers (CPOs), and with them comes privacy-enhancing technology (PET).

What are PETs? They are technologies that enable agencies to leverage the increasing amount of data available for analysis while ensuring private information stays private.

To ensure privacy officers are familiar with PETs, the Royal Society recently published a report detailing five of the most prominent:

  • Homomorphic encryption
  • Trusted execution environments
  • Secure multiparty computation
  • Differential privacy
  • Personal data stores

These PETs help with secure access, but they also allow several organizations to analyze data jointly and to outsource data securely to the cloud.
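To make one of these techniques concrete, here is a minimal sketch of the idea behind differential privacy: add calibrated noise to a query answer so that no single individual’s data noticeably changes the released result. The dataset, query, and epsilon value below are invented for illustration and are not drawn from the Royal Society report or any particular product.

```python
import numpy as np

def dp_count(values, threshold, epsilon=1.0):
    """Differentially private count of values above a threshold.

    A counting query has sensitivity 1 (adding or removing one person
    changes the count by at most 1), so Laplace noise with scale
    1/epsilon gives epsilon-differential privacy for this single query.
    """
    true_count = sum(v > threshold for v in values)
    noise = np.random.laplace(loc=0.0, scale=1.0 / epsilon)
    return true_count + noise

# Hypothetical data: ages of survey respondents.
ages = [23, 35, 41, 29, 52, 47, 38, 61, 33, 45]
print(dp_count(ages, threshold=40, epsilon=0.5))  # true count is 4; the released value is noisy
```

A smaller epsilon means more noise and stronger privacy; the analyst trades a little accuracy for a formal privacy guarantee.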




CANON: Canadian Anonymization Network


The Canadian Anonymization Network (CANON) is a very big deal for Canada!

What is CANON? It is an unofficial network of data custodians from the private, public, and health sectors, with the goal of promoting anonymization as a privacy-mindful way to use data for economic gain. CANON counts some of the largest data custodians in the country among its members!

What are CANON’s objectives?

  • Share and exchange information about internationally evolving legal, policy, and technical standards on anonymization.
  • Develop a Canadian community of practice among stakeholders that rely on effective anonymization for the success of their organizations across the public and private sectors.
  • Educate the community at large about the effectiveness of alternative anonymization methods, and meaningfully contribute to discussions about risks and opportunities.
  • Identify emerging issues and challenges with anonymization, including re-identification risks, legal/policy constraints and ambiguities.
  • Advocate for balanced legislative and policy standards for anonymization that enable innovative and beneficial uses of data, while reasonably protecting against foreseeable privacy risks.

CryptoNumerics is pleased to join organizations like TELUS, Bell, TD, Microsoft, and IBM as part of CANON.

Key success indicators for the network include a better understanding of anonymization that does not compromise the utility of data. Organizations should also see reduced privacy risk and can thus be more confident in their analytical use of data.

Facilitated by its stakeholders, the initiative aims to address these concerns over the coming months.

For further information about CANON and its objectives, visit the CANON website.




The Privacy Risk Most Data Scientists Are Missing


Data breaches are becoming increasingly common, and the risks of being involved in one are going up. A report from the Ponemon Institute (an IBM-backed research organization) found that the average cost of a data breach in 2018 was $148 per record, up nearly 5% from 2017.

Privacy and compliance teams are using methods like masking and tokenization to protect their data — but these methods come at a cost. Businesses often find that these solutions prevent data from being leveraged for analytics and, on top of that, still leave data exposed.

Many data scientists and compliance departments protect and secure direct identifiers. They hide an individual’s name, or their social security number, and move on. The assumption is that by removing unique values from a user, the dataset has been de-identified. Unfortunately, that is not the case.

In 2006, Netflix announced a $1 million competition for whoever could build it the best movie-recommendation engine. To facilitate this, it released large volumes of subscriber data with direct identifiers redacted, so engineers could use Netflix’s actual data without compromising consumer privacy. The available information included users’ age, gender, and zip code. However, when these indirect identifiers (also known as quasi-identifiers) were taken in combination, they could re-identify a user with over 90% accuracy. That’s exactly what happened, resulting in the exposure of millions of Netflix’s consumers. A planned follow-up competition was called off, and a lawsuit was filed against Netflix.
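To see how easily quasi-identifiers single people out, here is a minimal sketch using made-up records (not the Netflix data) that counts how many rows are uniquely pinned down by the combination of age, gender, and zip code:

```python
from collections import Counter

# Hypothetical records with direct identifiers already removed.
records = [
    {"age": 34, "gender": "F", "zip": "90210", "rating": 4},
    {"age": 34, "gender": "F", "zip": "90210", "rating": 5},
    {"age": 61, "gender": "M", "zip": "10001", "rating": 2},
    {"age": 29, "gender": "F", "zip": "94105", "rating": 3},
]

# Count how many records share each quasi-identifier combination.
combos = Counter((r["age"], r["gender"], r["zip"]) for r in records)

# Any combination that appears only once uniquely identifies a person.
unique = [combo for combo, count in combos.items() if count == 1]
print(f"{len(unique)} of {len(records)} records are uniquely re-identifiable")
```

Anyone who knows a target’s age, gender, and zip code from another source (a voter roll, a social profile) can link straight to that person’s supposedly anonymous row.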

When it comes to the risk exposure of indirect identifiers, it’s not a question of if, but of when. That’s a lesson companies keep learning the hard way. Marriott, the hotel chain, suffered a data breach of 500 million consumer records and faced $72 million in damages due to a failure to protect indirect identifiers.

Businesses are faced with a dilemma. Do they redact all their data and leave it barren for analysis? Or do they leave indirect identifiers unprotected and create an avenue of exposure that will eventually leak their customers’ private data?

Either option causes problems. That can be changed!

That’s why we founded CryptoNumerics. Our software uses AI to autonomously classify the attributes in your datasets as direct, indirect, sensitive, or insensitive identifiers. We then use cutting-edge data science technologies like differential privacy, k-anonymization, and secure multi-party computation to anonymize your data while preserving its analytical value. Your datasets are comprehensively protected and de-identified, while still being usable for machine learning and data analysis.

Data is the new oil. Artificial intelligence and machine learning represent the future of technological value, and any company that does not keep up will be left behind and disrupted. Businesses cannot afford to leave data siloed or uncollected.

Likewise, data privacy is no longer an issue that can be ignored. Scandals like Cambridge Analytica and regulations like GDPR prove that, yet the industry still lacks awareness of key risks like indirect identifiers. Companies that use their data irresponsibly will feel the damage, but those that don’t use their data at all will be left behind. Choose not to fall into either category.




Announcing CN-Protect for Data Science


We are pleased to announce the launch of CN-Protect for Data Science

CryptoNumerics announces CN-Protect for Data Science, a Python library that applies insight-preserving data privacy protection, enabling data scientists to build better quality models on sensitive data.  

Toronto – April 24, 2019 – CryptoNumerics, a Toronto-based enterprise software company, announced the launch of CN-Protect for Data Science, which enables data scientists to implement state-of-the-art privacy protection, such as differential privacy, directly into their data science stack while maintaining analytical value.

According to a 2017 Kaggle survey, two of the top 10 challenges that data scientists face at work are data inaccessibility and privacy regulations, such as GDPR, HIPAA, and CCPA. Additionally, common privacy-protection techniques, such as data masking, often decimate the analytical value of the data. CN-Protect for Data Science solves these issues by allowing data scientists to seamlessly privacy-protect datasets that retain their analytical value and can subsequently be used for statistical analysis and machine learning.

“Private information contained in data is preventing data scientists from obtaining insights that can help meet business goals. They either cannot access the data at all or receive a low-quality version with the private information removed,” said Monica Holboke, Co-founder & CEO of CryptoNumerics. “With CN-Protect for Data Science, data scientists can incorporate privacy protection in their workflow with ease and deliver more powerful models to their organization.”

CN-Protect for Data Science is a privacy-protection Python library that works with Anaconda, Scikit, and Jupyter Notebooks, integrating smoothly into the data scientist’s workflow. Data scientists will be able to:

  • Create and apply customized privacy protection schemes, streamlining the compliance process.
  • Preserve analytical value for model building while ensuring privacy protection.
  • Implement differential privacy and other state-of-the-art privacy protection techniques using only a few lines of code.

CN-Protect for Data Science follows the successful launch of CN-Protect Desktop App in March. It is part of CryptoNumerics’ efforts to bring insight-preserving data privacy protection to data science platforms and data engineering pipelines while complying with GDPR, HIPAA, and CCPA. CN-Protect editions for SAS, R Studio, Amazon AWS, Microsoft Azure, and Google GCP are coming soon.  




Announcing CN-Protect Free Downloadable Software for Privacy-Protection


We are pleased to announce the launch of CN-Protect as free, downloadable software to create privacy-protected datasets. We believe:

 

  • Protecting consumer privacy is paramount.
  • Satisfying privacy regulations such as HIPAA, GDPR, and CCPA should not sacrifice analytical value.
  • Data scientists, privacy officers, and legal teams should have the ability to easily ensure privacy.

Today’s businesses face data breaches and misuse of consumer information on a regular basis. In response, governments have moved to protect their citizens through regulations like GDPR in Europe and CCPA in California. Organizations are scrambling to comply with these regulations without adversely impacting their business. There is no doubt, however, that people’s privacy should not be compromised.

Current approaches to de-identifying data, such as masking, tokenization, and aggregation, can leave data unprotected or stripped of analytical value.

  • Data masking replaces existing sensitive information with values that look real but are of no use to anyone who might misuse them, and the substitution is not reversible. Once applied to all values the data has no analytical use, and if not applied to all values it does not protect against re-identification.
  • Tokenization replaces sensitive information with a non-sensitive equivalent, or token, that can be mapped back to the original data; without access to the tokenization system, it is impossible to reverse. Tokenized fields lose all data utility, and re-identification is still possible through the untokenized fields (see the sketch after this list).
  • Aggregation summarizes the data in a cumulative fashion so that no single individual should be re-identifiable. It severely reduces analytical value, however, and if the data does not contain enough samples, re-identification is still possible.
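As a rough illustration of the first two approaches, the sketch below contrasts masking and tokenization on a hypothetical sensitive field. The key, token format, and data are invented for illustration and do not describe any particular product.

```python
import hashlib
import hmac

SECRET_KEY = b"hypothetical-vault-key"  # held only by the tokenization system

def mask(value: str) -> str:
    """Masking: replace the value with a same-length placeholder.
    (Real masking tools substitute realistic-looking fake values.)"""
    return "X" * len(value)

def tokenize(value: str) -> str:
    """Tokenization: replace the value with a stable token. Only the holder
    of the key can recompute the mapping back to the original value."""
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]

ssn = "123-45-6789"  # hypothetical sensitive field
print(mask(ssn))      # 'XXXXXXXXXXX' -- no analytical value, not reversible
print(tokenize(ssn))  # stable token  -- joins on the field still work, but the
                      # untokenized columns around it remain exposed
```

In both cases the protected column itself is useless for analysis, which is exactly the trade-off described above.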

CN-Protect leverages AI and the most advanced anonymization techniques, such as optimal k-Anonymity and Differential Privacy, to protect your data while maintaining its analytical value. Furthermore, CN-Protect is easy to adopt: it is available as a downloadable application or as a plug-in for your favorite data science platform.

With CN-Protect you can:

  • Comply with privacy regulations such as HIPAA, GDPR, and CCPA;
  • Create privacy protected datasets while maintaining analytical value.

There are a variety of privacy models and data quality metrics available that you can choose from depending on your desired application. These privacy models use anonymization techniques to protect private information, while data quality metrics are used to balance those techniques against the analytical value of the data.

The following privacy models are available in CN-Protect:

  • Optimal k-Anonymity;
  • t-Closeness;
  • Differential Privacy, and more.
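As a rough illustration of the first model listed above, here is a minimal sketch of the k-anonymity idea on a hypothetical, already-generalized table. It is not CN-Protect code; it simply checks that every combination of quasi-identifier values appears at least k times.

```python
from collections import Counter

def satisfies_k_anonymity(rows, quasi_identifiers, k):
    """True if every quasi-identifier combination appears in at least k rows,
    so no individual stands out in a group smaller than k."""
    groups = Counter(tuple(row[q] for q in quasi_identifiers) for row in rows)
    return min(groups.values()) >= k

# Hypothetical table where age and zip code have already been generalized.
rows = [
    {"age_range": "30-39", "zip_prefix": "902**", "diagnosis": "A"},
    {"age_range": "30-39", "zip_prefix": "902**", "diagnosis": "B"},
    {"age_range": "60-69", "zip_prefix": "100**", "diagnosis": "A"},
    {"age_range": "60-69", "zip_prefix": "100**", "diagnosis": "C"},
]
print(satisfies_k_anonymity(rows, ["age_range", "zip_prefix"], k=2))  # True
```

Tools that target optimal k-anonymity search for the least amount of generalization that still passes a check like this, which is how analytical value is preserved.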

You will be able to:

  • Specify parameters for the various privacy models that can be applied across your organization and fine-tune for your many applications;
  • Define acceptable levels of privacy risk for your organization and the intended use of your data;
  • Get quantifiable metrics that you can use for compliance;
  • Understand the impact of privacy protection on your statistical and machine learning models.

Stay ahead of regulations and protect your data. Download CN-Protect now for a free trial!




Weekly News #3


Experts predict that data privacy will take center stage in 2019 and that organizations will have to fully embrace it. Google and other cloud providers are already jumping into the privacy wave by offering de-identification tools for healthcare data.

Data privacy became a major topic in 2018. On one hand, GDPR came into effect in Europe, affecting organizations all over the world. On the other hand, massive data breaches and cases of data misuse were reported, raising customer concerns and prompting legislators to propose new privacy laws.

2019 is expected to be a year in which organizations shift from considering privacy a nice-to-have to treating it as a must-have. This shift will come partly from legislation but also from consumers demanding stronger data protection. Kristina Bergman, CEO of Integris Software Inc., predicts that in 2019:

  • we will see the rise of the Chief Information Security Officer;
  • privacy and security will be seen as a continuum;
  • the conflict between privacy and the Data Industrial Complex will grow;
  • data privacy automation will continue to expand.

In Canada, Howard Solomon interviewed four privacy and security experts, and these are their predictions:

  • David Senf, founder and chief analyst at the Toronto cyber consultancy Cyverity, predicts an increase in the demand for cybersecurity experts to protect against data breaches.
  • Ann Cavoukian, Expert-in-Residence at Ryerson University’s Privacy by Design Centre of Excellence, predicts that 2019 will be a “privacy eye-opener” with a growth of decentralization and SmartData.
  • Imran Ahmad, a partner at the law firm of Blake, Cassels & Graydon LLP, advises that HR should become more involved in preventing data misuse.
  • Ahmed Etman, managing director for security at Accenture Canada, warns that organizations have to be careful of cyberattacks against their supply chain.

Meanwhile, some organizations are jumping into the privacy wave by launching products that help their customers make better use of their data while protecting privacy; Google, for example, now offers de-identification tools for healthcare data.

One thing we can be sure of in 2019 is that data privacy and security will continue to make headlines.
