TripleBlind CEO: Orgs Need To Prepare for CCPA and the Future of Compliance

The California Consumer Privacy Act (CCPA) becomes fully operational on Jan. 1, 2023 and privacy professionals should start their engines because this will be a race to the finish line. For any organization that has not already started preparing in earnest on B2B and HR personal information, four months is precious little time to align data collection and processing practices with these new laws. Add in ongoing GDPR and HIPPA updates and any company in the States —especially those that play in the healthcare or finance—need to prepare and have the most up-to-date data sharing and access tools in place. We sat down with Riddhiman Das (Das), CEO of TripleBlind, to discuss data privacy, and the upcoming compliance acts and changes enterprises need to be aware of and prepare for.


Why do organizations in California need to be aware of the changes for the CCPA and what are the steps they should begin to address now, even though we are still months away?


Organizations need to be aware of the changes to the CCPA because collaboration with underutilized datasets and algorithms can lead to unauthorized access to personal data. Under the CPPA, businesses are also required to give notices to consumers to explain their privacy practices. These requirements also apply to data brokers and providers. As new laws are being developed, a business can prepare by ensuring privacy best practices for their industry and compliance with state and federal laws.


What are some of the recent data privacy innovations that have made previous data accessibility methods such as homomorphic encryption, secure enclaves, tokenization and blockchain seem too slow and expensive for today’s needs?


Privacy-enhancing computation (PEC) is an emerging field, and it’s evolving rapidly. PEC has evolved well past the stage of “clunky software experiment” and has grown into a full-fledged, commercially viable data collaboration option. In recent years, plenty of fast and scalable alternatives have emerged, allowing organizations to leverage their data without all the extra demands on resources. PEC is not only cost effective and faster than current alternatives, it allows organizations to confidently collaborate with data, knowing their usage will comply with regulations.


It has been estimated that there are some 43 zetabytes (a billion trillion bytes) of data stored by enterprises today that are inaccessible and not commercialized due to privacy concerns and/or operational complexity. What are the steps that organizations can take to unlock this data?


If your work includes machine learning or analytics, you’re likely facing serious data challenges. When we speak with C-Suite leaders, compliance officers, data scientists, and even with cloud architects, there are three major themes around data that come up most often; data access, data prep and data bias.


Implementing privacy-enhancing computation (PEC) provides robust, sustainable measures to analyze, pool, process or collaborate while data remains one-way encrypted and protected in use without ever being shared. While a diverse assortment of technical approaches are under this umbrella, they all share one key objective. This common goal is achieving data security through privacy-enhanced computation and to enable the secure and compliant processing of artificial intelligence and other forms of data analytics on data sets that contain personally identifiable information. Often this data is stored in multiple locations spread across organizational and national boundaries.The benefits of privacy enhancing computation are applicable to many vertical markets, with the healthcare and financial services sectors leading the overall adoption curve. These sectors have the most immediate and obviously compelling use cases, such as reducing the time and resources necessary to develop new pharmaceuticals or drastically cutting down cases of credit card fraud.


Amid all of the convenience afforded by digital assistance (as it pertains to HIPAA and GDPR for instance) we receive through new tools and technologies, many still say privacy has inevitably become collateral damage. Why is this and what can data privacy companies and their users do to change this narrative?


In most industries today, Big Data is redrawing the limits of human knowledge and capability. Unfortunately, highly regulated industries like healthcare have a harder time maximizing these benefits. While HIPAA is paramount to safeguarding patient privacy, regulations prevent researchers from exploring the full potential of their patient data. Embracing the spirit of the growing legal requirements for individual privacy, new privacy enhancing technologies are fundamentally changing the way healthcare organizations can unlock patient data, especially for collaboration.


How can privacy enhancement technology drive the digital economy and digital transformation?


Organizations in industries where data collaboration is important, but data is regulated, must deploy a robust privacy-enhancing technology (PET) solution. However, the benefit of secure data collaboration is more than ensuring regulatory compliance, it often leads to improved revenues, market share, and other positive business outcomes. Privacy-Enhancing Computation can help businesses meet their legal obligations to protect customer data, but PEC also helps businesses get more value from their data by allowing them to share and analyze it without revealing sensitive information about individual customers.


###