Privacy-by-Design Data Collaboration
Emerging technology for the Protected Data Age
Data sharing without exposing consumer identity

Consumer privacy protection and data security are issues that keep you up at night. Organizations have been sharing, posting and transmitting data for decades with little regard for disclosure risks. Public awareness and legislative agendas now threaten to impede progress toward more beneficial applications of consumer information. A new data-sharing approach is needed, and its primary design consideration must be protecting consumer privacy.

Personal data rights are a rapidly evolving field with both moral and legal implications. For technology to keep pace, new mechanisms need to be designed, developed and implemented to support a new social contract regarding personal data protection. Karlsgate created Cryptoidentity™ to protect consumer privacy while enabling the free flow of consumer information between companies.

What's inside:
• Understanding the true cost of trust
• Recognizing the limitations of current data-sharing methods
• Cryptoidentity: A new mechanism for a new era
• The future of sharing consumer data
• A re-imagined consumer privacy framework
• Protection empowers freedom to share data

Copyright © 2020 Karlsgate Inc. All rights reserved.
Understanding the true cost of trust

Current modes of sharing consumer data require transferring Personal Data identifiers, such as an email address, between two companies to match data sets. These data-sharing arrangements rely on trust that each organization will treat Personal Data securely and with integrity. Far too often, this trust is misplaced.

Consumer privacy protection is lost

Whether using clear-text IDs or hashed IDs, sharing data like this discloses personal information and promotes the discovery of individuals. Data owners lack control over what happens to Personal Data after transferring it to another company. Once Personal Data is copied, it can be copied perpetually. Not only that, once information is copied it can be used as a persistent identifier that links activity back to a single person indefinitely.

Data security lapses are costly

Data owners are under a moral and regulatory obligation to protect consumer privacy and the data entrusted to them. The risks of not doing so are both financially and reputationally damaging.
• Data breaches – $3.86 million average cost per data breach in 2020 [1]
• Brand reputation – 9% decrease in global annual sales from a data privacy crisis event [2]
• Privacy regulations – €332 million in GDPR fines for information security deficiencies in 2019 [3]
Recognizing the limitations of current data-sharing methods

Email addresses are a common identifier used to connect data sets across the marketing and advertising ecosystem. Unfortunately, the two most widely used methods for sharing IDs for matching, clear text and hashing, are open to significant consumer privacy and data control risks. Here is a comparison of the current approaches for exchanging identities with the Karlsgate Identity Exchange™.

Clear-text email addresses transmitted to a trusted data provider

Flow: Data owner → Personal Identifiers → Trusted data provider

Characteristics
• Human-readable identifier used for matching purposes
• Data trading partners gain full exposure to all identifiers
• One party lacks all control over the mapping rules and security of the data transmitted
• Trust is needed, since identifying data can be leaked

Effects on privacy
✗ Full disclosure of Personal Data
✗ Explicit consent required to transfer Personal Data in some jurisdictions
✗ A data breach at either party risks direct exposure to Personal Data
✗ Inequitable control over the mapping process between sender and receiver

Security matrix (Personal Data exposed to the data trading partner)
Are unknown identities exposed? Yes. The entire audience is transmitted.
Can identities be re-identified? Yes. Personal Data is openly shared.
Hashed email addresses transmitted to a digital data platform

Flow: Data owner → Hashed Identifiers → Digital data platform

Characteristics
• Persistent and reusable hashed identifier used for matching purposes
• Data trading partners gain access to all hashed identifiers
• One party lacks all control over the mapping rules and security of the data transmitted
• Trust is needed, since identifying data can be leaked

Effects on privacy
✓ Underlying identifiers are obfuscated
✗ Re-identification risk to all identities, since hashed identifiers can be mapped to external databases: an unsalted hash of a known email address can be recomputed by anyone who holds that address, so the receiver needs only its own or an acquired address list to reverse the hashes
✗ Hashes serve as pseudonymous identifiers and may be classified as personal data transfers
✗ Inequitable control over the mapping process between sender and receiver

Security matrix (Personal Data exposed to the data trading partner)
Are unknown identities exposed? Yes. The entire audience is transmitted.
Can identities be re-identified? Yes. Stable hash values can be accumulated for later matching.
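The re-identification and accumulation risks described above can be shown in a few lines. The following is an added example, not code from this whitepaper or from Karlsgate: it models a data owner sending unsalted SHA-256 hashes of its audience to a platform and shows what the platform can do with them. All addresses and lists are constructed sample data; SHA-256 is assumed as the hash function because it is the common choice in the advertising ecosystem, but the effect is the same for any unkeyed hash.

```python
import hashlib

# Constructed sample data (not from the whitepaper): a data owner's audience, a
# digital platform's own user base, and an unrelated address list the platform
# also holds (a public or previously acquired list).
OWNER_AUDIENCE = ["Alice@Example.com", "bob@example.org", "carol@example.net", "dave@example.com"]
PLATFORM_USERS = ["bob@example.org", "dave@example.com", "erin@example.org"]
EXTERNAL_LIST = ["carol@example.net", "frank@example.com"]


def normalize(email: str) -> str:
    """Case-fold and trim so both sides hash the same canonical string."""
    return email.strip().lower()


def stable_hash(email: str) -> str:
    """Unsalted SHA-256 of the normalized address: the persistent 'hashed
    identifier' the whitepaper criticizes. Same input, same output, forever."""
    return hashlib.sha256(normalize(email).encode("utf-8")).hexdigest()


def share_hashed_audience(audience) -> set:
    """What the data owner transmits: one stable hash per audience member."""
    return {stable_hash(e) for e in audience}


def platform_match(received_hashes: set, own_users) -> set:
    """Intended use: the platform hashes its own users and intersects to learn
    which of them are in the owner's audience."""
    return {u for u in own_users if stable_hash(u) in received_hashes}


def platform_reidentify(received_hashes: set, candidates) -> dict:
    """Unintended use: any address list the receiver holds is a lookup table.
    Hashes of people the platform has no relationship with are reversed by
    recomputation, not by breaking SHA-256."""
    table = {stable_hash(c): normalize(c) for c in candidates}
    return {h: table[h] for h in received_hashes if h in table}


def link_across_exchanges(hashes_from_a: set, hashes_from_b: set) -> set:
    """Accumulation: hashes retained from two separate exchanges match each other,
    so the hash behaves as a persistent identifier for the same person."""
    return hashes_from_a & hashes_from_b
```

No cryptographic weakness is needed here: an unkeyed hash of a low-entropy identifier is a lookup key, and anyone holding candidate addresses recomputes it. platform_reidentify recovers carol@example.net although the platform has no relationship with her, and link_across_exchanges shows why a retained hash behaves as a persistent identifier across unrelated exchanges.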
Cryptoidentity: A new mechanism for a new era

Karlsgate developed Cryptoidentity to address the current weaknesses in data sharing. This patent-pending technology significantly increases the privacy protection of identifying information over current methods of sharing data. Using Cryptoidentity, identities in one data set can be linked or "mapped" to the matching identities within another data set without exposing Personal Data. Cryptoidentity operates on any two data sets that contain a common unique identifier, including email address, IP address, mobile advertising ID or government-issued identifiers.

Cryptoidentity uses advanced cryptography and information security best practices to enable privacy-compliant data sharing, including:

Single-use pseudonymization – Re-hashing all identifying data mixed with random noise for each activity, so that pseudonyms from one exchange cannot be leveraged for re-identification or matched against those of another exchange.

Differential privacy – Adding noise to data elements to obscure individual details while maintaining aggregate metrics.

Blind facilitation – Enlisting a neutral party to determine matches without any computational insight into the de-identification process. This gatekeeper approach blocks the flow of any unmatched data.

Anonymization – Completely removing all identifying attributes before working with personal data whenever insights can be gained at an aggregate level.

Taken together, this protocol protects against both obvious disclosure and subtle attempts to re-identify the underlying identities. None of the three transaction participants can acquire a new identity that they did not already hold a direct reference to, and all participants are blind to all identifying information when sharing data.
The future of sharing consumer data: Zero trust

Cryptoidentity is the secure data-matching foundation of the Karlsgate Identity Exchange. Karlsgate Identity Exchange enables data owners to trade their data assets without exposing personal data, in a zero-trust environment: neither trading party has to trust the other, or the facilitator, with its Personal Data.

Email addresses mapped using Karlsgate Identity Exchange (Cryptoidentity™)

Flow: Data owner → Hashed Tokens → Facilitator ← Hashed Tokens ← Data partner; the facilitator returns Mapped Identities

Characteristics
• Non-reusable hashed identifiers used for matching
• Data trading partners can only see their own identifiers
• Mapping rules are obvious to all parties
• Hashed tokens have no identifying value to the facilitator
• No trust is required to ensure protection

Effects on privacy
✓ Underlying identifiers are obfuscated
✓ Re-identification is inhibited by blinding the involved parties to the requisite components of the hash algorithm
✓ Hashed tokens cannot serve as pseudonymous identifiers, since others cannot recompute the token
✓ Equitable control over the mapping process, with enhanced transparency

Security matrix
To the data trading partner – Are unknown identities exposed? Can identities be re-identified? No. The facilitator only forwards signals to the trading partner upon a successful match, which prevents disclosure of any new identities to the trading partner.
To the Karlsgate facilitator – Are unknown identities exposed? Can identities be re-identified? No. Since each participant contributes a random component to the salt value, a retained hash value has no re-identifying capacity.
Implementing privacy-by-design data sharing

Karlsgate Identity Exchange solves the biggest issues with sharing insights about people. It eliminates the need to use unprotected personal identifiers to conduct commerce, which reduces many of the risks to personal privacy rights without inhibiting the use cases for data sharing. Utilizing Karlsgate Identity Exchange supports organizations' plans to build protections directly into their data-sharing practices. It is a privacy-by-design data-sharing approach that eliminates transferring or disclosing any Personal Data, and using Cryptoidentity to map identities eliminates the need for trust in data-sharing partnerships.

No capacity for identity discovery
Cryptoidentity does not permit the acquisition of additional insight or data points regarding any identity not previously present in a participant's data set.

No personal revelation
Triple-sourced random initialization vectors (random salt components contributed by each of the three participants), combined with one-way cryptographic hashing, create a one-way function: the input cannot be inferred or deduced from the output.

No residual constancy
Hash values are seeded against later reuse or inference. Single-use random values mixed into the identifier ensure that no single participant can derive a stable or predictable output from the resulting hash values.

No identifying granularity
Individual identities are protected using limiters. A mapping result is released only when the number of successful matches meets a minimum threshold negotiated between the parties before hashes are uploaded, with an absolute minimum value of 30, so that a participant cannot probe for a single individual.

As we at Karlsgate embrace what we call the "Protected Data Age," we are changing the game. Gone are the days of lengthy and complicated data exchanges and vulnerable consumer information.
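To make the properties described in the Identity Exchange and implementation sections concrete, here is an added example written for this page rather than taken from Karlsgate. The whitepaper does not disclose the construction of the patent-pending Cryptoidentity protocol, so this is a simplified model of the properties it names (a salt with random components from all three participants, a facilitator blind to identifiers, only match signals forwarded, a match threshold that cannot fall below 30), not the protocol itself. Assumptions of the model: the two trading parties exchange their random components directly so the facilitator never learns the full salt; tokens are HMAC-SHA256 over the normalized identifier; and the facilitator releases matched tokens to both sides only when the overlap reaches the threshold. Audiences are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample audiences (not from the whitepaper). Owner and partner
# overlap on user30..user59, exactly 30 identities; the small partner list
# overlaps on only user50..user59, 10 identities.
OWNER_AUDIENCE = [f"user{i}@example.com" for i in range(0, 60)]
PARTNER_AUDIENCE = [f"user{i}@example.com" for i in range(30, 100)]
SMALL_PARTNER_AUDIENCE = [f"user{i}@example.com" for i in range(50, 60)]

MINIMUM_THRESHOLD = 30  # the whitepaper's stated absolute floor for releasing a match result


def normalize(identifier: str) -> str:
    """Canonical form so both parties tokenize the same address identically."""
    return identifier.strip().lower()


def session_salt(owner_part: bytes, partner_part: bytes, facilitator_part: bytes) -> bytes:
    """Per-exchange salt built from random components of all three participants.
    Model assumption: owner and partner exchange their components directly, so
    the facilitator knows only its own component and cannot rebuild the salt."""
    return hashlib.sha256(owner_part + partner_part + facilitator_part).digest()


def tokenize(salt: bytes, identifiers) -> dict:
    """Single-use tokens: HMAC-SHA256 of each normalized identifier under the
    session salt. Returns token -> identifier so the party can decode match
    signals locally; only the tokens (dict keys) are ever sent anywhere."""
    return {
        hmac.new(salt, normalize(i).encode("utf-8"), hashlib.sha256).hexdigest(): i
        for i in identifiers
    }


class BlindFacilitator:
    """Sees opaque tokens only. Returns the matched tokens to both sides, and only
    when the overlap meets the threshold; unmatched tokens never cross to the
    other side, so no party learns an identity it did not already hold."""

    def __init__(self, threshold: int = MINIMUM_THRESHOLD):
        # A negotiated threshold may be raised but never lowered below the floor.
        self.threshold = max(threshold, MINIMUM_THRESHOLD)

    def fresh_component(self) -> bytes:
        """The facilitator's own random contribution to this session's salt."""
        return secrets.token_bytes(32)

    def match(self, owner_tokens, partner_tokens) -> set:
        matched = set(owner_tokens) & set(partner_tokens)
        return matched if len(matched) >= self.threshold else set()


def run_exchange(owner_ids, partner_ids, facilitator: BlindFacilitator):
    """One matching session. Returns (owner's matched ids, partner's matched ids,
    owner's full token set); the token set is returned only so the single-use
    property can be checked across sessions."""
    salt = session_salt(secrets.token_bytes(32), secrets.token_bytes(32),
                        facilitator.fresh_component())
    owner_map = tokenize(salt, owner_ids)
    partner_map = tokenize(salt, partner_ids)
    matched = facilitator.match(owner_map.keys(), partner_map.keys())
    # Each side decodes only the tokens the facilitator returned, using its own map.
    owner_view = sorted(owner_map[t] for t in matched)
    partner_view = sorted(partner_map[t] for t in matched)
    return owner_view, partner_view, set(owner_map)
```

Two things follow that the prose only asserts: the owner's tokens from one session share nothing with the tokens for the same audience in the next session, so a retained token set cannot be accumulated for later matching, and an exchange whose overlap falls short of the threshold returns nothing to either side. The model's blind spot is collusion: if a trading party hands the session salt to the facilitator, the facilitator can recompute tokens for any address list it holds. The separation between who knows the salt and who sees the tokens is the security assumption, and the model does not defend against its breach.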
Designed to take on the real-world complexity of today's data landscape, Karlsgate's easy-to-implement, privacy-by-design data processing and connectivity tools accelerate and simplify data collaboration while ensuring security and privacy. Learn more about us at karlsgate.com or get in touch at [email protected].

References
[1] IBM Security, Cost of a Data Breach Report, 2020.
[2] Data Privacy Manager, Data Privacy study: 500 companies share their insights, 2020.
[3] GDPR Enforcement Tracker.