Image source: Privacymaven CC BY 4.0 via Wikimedia Commons
The Information Commissioner’s Office (ICO) has urged organisations to start using privacy enhancing technologies (PETs) to share people’s personal information.
It has published new guidance on the issue, saying that PETs will support security and confidentiality by enabling organisations to share, link and analyse people’s personal information without having access to it.
This can have applications in areas such as detecting and preventing financial crimes.
The guidance is aimed at data protection officers and others who are using large personal datasets in finance, healthcare, research, and central and local government.
It explains the different type of PETs – such as homomorphic encryption, secure multiparty computation and zero knowledge proofs – and the distinction between those that provide input privacy, which reduces the number of parties with access to information and output privacy, which provides measures to reduce the risk of information being obtained or inferred from a processing activity.
It also conveys that PETs are not a ‘silver bullet’ for meeting data protection requirements, and that that an organisation should still make efforts to assess the impact of processing, be clear about the purpose, document how the technologies can help them to comply with data protection principles, and address any issues they may create.
Maturity factor
The guidance also includes a warning that some PETs may not be sufficiently mature in terms of their scalability and robustness to attacks, and outlines factors that should be considered in assessing whether they are appropriate.
UK Information Commissioner John Edwards said: “If your organisation shares large volumes of data, particularly special category data, we recommend that over the next five years you start considering using PETs.
“PETs enable safe data sharing and allow organisations to make the best use of the personal data they hold, driving innovation.
“My office is committed to supporting UK businesses to develop and innovate with new technologies that respect people’s privacy and this guidance helps them to do that.”