TripleBlind to Highlight Business Benefits of Enhanced Data Sharing and Collaboration at Upcoming Industry Events

KANSAS CITY, MO., July 29, 2021TripleBlind announced today several upcoming events where the company will highlight new revenue opportunities made possible by increased data sharing and collaboration, while automatically enforcing regulatory standards such as HIPAA and GDPR. TripleBlind’s next generation cryptographic technology enables companies to share sensitive data without that data ever leaving the company’s firewall, and only allowing the data user to perform operations specifically authorized by the data provider. 

 

TripleBlind will participate in these upcoming events:

  • HIMSS Conference, August 9-13, to be held at Venetian-Sands Expo Center, Caesars Forum Conference Center and Wynn in Las Vegas. TripleBlind co-founder and CEO Riddhiman Das will present on the topic, Unlocking Data Platforms and Marketplaces, on Wednesday, August 11 from 2:15-2:35 p.m. and TripleBlind will exhibit in the Sands Expo Center, level 2, booth #7710. To schedule a meeting with TripleBlind during HIMSS, reach out to gaurav@tripleblind.ai. Click here to register.
  • Overcoming Privacy Hurdles: Approaches for Challenges in Data Sharing, Wednesday, August 25 at 12 p.m. CT. This webinar will focus on the opportunities created by enhanced data sharing while enforcing privacy standards such as GDPR and HIPAA. It will include Elizabeth Harding, shareholder at IP law firm Polsinelli, Fatima Kahn, senior corporate counsel, privacy and product at leading independent identity provider Okta and Riddhiman Das, co-founder and CEO at TripleBlind. Click here to register.

 

About TripleBlind
TripleBlind’s patented breakthroughs in advanced mathematics arm organizations with the ability to share, leverage and monetize regulated data, such as PII and PHI, and mission-critical enterprise data, such as tax returns and banking transactions. It unlocks the estimated 105 petabytes of data stored by enterprises today that are inaccessible and unmonetized due to privacy concerns and regulations. With TripleBlind, decision-makers generate new revenue for their organizations by gaining deeper insights faster, creating improved modeling and analysis, and collaborating more effectively with customers and partners and even competitors, while enabling enterprises to enforce today’s regulatory standards, such as HIPAA, GDPR and PDPA. 

For more information, please visit tripleblind.ai

 

TripleBlind Contact:

Victoria Guimarin
UPRAISE Marketing + Public Relations for TripleBlind
tripleblind@upraisepr.com
415.397.7600

 

Kam Naficy
KNECTCOMMS for TripleBlind
kn@knectcomms.com
+44(0)7453 323 367

Secure and Private Compute Summit

TripleBlind: A Supplemental Solution to Confidential Compute and Secure Enclaves

The data ecosystem is broken. In the current market, if Company A wants to share data with Company B, it has to decrypt it, send it over the internet and then once received, Company B has to replicate it for use. Decrypting and duplicating data comes with multiple risks, including:

  • Company A cannot put any restrictions on the use of the data, 
  • Both companies face liability concerns,
  • Both companies are subjected to expensive and time-consuming contracts and negotiations,
  • And, both companies are trusting that the data will be used in a way that adheres to the Terms of Use.

Right now, the most popular solution to minimize risk for both companies A and B are secure enclaves. Secure enclaves enable confidential computing, a process that ensures different programs running on the same machine or cloud server cannot access one another’s memory, keeping data in use private. Secure enclaves act as a black box, keeping the data stored separately from other machine processes; subsequently protecting all of the data and code inside the enclave. However, secure enclaves have limitations. 

Secure enclaves store data on a public cloud, which solves issues related to keeping data safe from company employees and third-party vendors with access to the same physical hardware. With secure enclaves in place, the possibility of an intentional or unintentional breach is minimized. However, they do not solve privacy challenges from regulations like HIPAA, GDPR and other government regulations. Even with secure enclaves, the path to regulatory compliance is costly and strenuous. 

For instance, if a medical research lab wants to share patient data with a drug manufacturer using only secure enclaves, to be HIPAA compliant, the research lab has to remove the 18 PHI identifiers and be anonymized, consult third-party analysts, establish legal terms, negotiate BAA and good faith adherence to terms. Each of those steps cost money, with the last step putting the data at risk of abuse.

 

Secure Enclaves Do Not Solve Data Privacy Issues on Their Own; TripleBlind Does

As stated above, secure enclaves have been an effective solution for protecting data, but they are limited due to the fact that both the data and algorithm must be in the same physical location. TripleBlind does not have those same constraints. With TripleBlind, enterprises are not restricted by the physical location of their data or algorithm. 

By itself, confidential compute is expensive, time intensive and complex. Pairing it with TripleBlind’s Blind Data Utilization Toolbox, simplifies data regulation compliance and eliminates much of the work and cost associated with achieving data de-identification. 

 

By itself, TripleBlind can ensure compliance with any data privacy law or regulation. When combined with secure enclaves, TripleBlind creates a thorough approach to ensure sensitive data is never accessible by unauthorized users, programs, applications or companies at any stage of the data lifecycle.

 

Comparison of TripleBlind and Secure Enclaves

TripleBlind Secure Enclaves / Confidential Compute
Does not require movement of data residing in multiple locations or countries Requires data to be compiled in one place
Real time data de-identification with Blind De-Identification  No de-identification; requires manual anonymization and tokenization
Allows for easy aggregation of data from multiple sources while enforcing regulations Requires a great deal of paperwork, BAA, resources, and time
Enables data operations to occur across the world from anywhere  Does not allow operations on European data to take place from the US
Allows for keeping the raw data in the country during operations  Data must be moved so that the algorithm and the data reside on the

same server

Brings digital rights to the data – enforce any regulation into the rights that govern the data Does not enable digital rights on the data; trusted-but-curious parties can still access raw data
Easy to use via simple API  Difficult to use – requires complex lower level operations
Blind Learning protects training data leakage from the trained model  No model protection – training data leakage is still possible
Data residency compliant because raw data stays local  Does not solve data residency issues since data needs to be compiled

in one place

Keeps algorithm intellectual property secure  Algorithm can be susceptible to reverse-engineering of intellectual property & training data
Eliminates the need for data sharing agreements  Data sharing agreements are a necessity for this approach
Reduces liability for receiver of data  Even if best practices are followed, the receiver of the data has the raw data which still could be exposed
Reduces liability for sender of data  Sender of data cannot control how the receiver uses it, takes on a lot of risk
Does not address shared hardware compute concerns on public cloud  Specifically addresses shared hardware compute privacy needs on the public cloud
Enforces permissions on how the data can be used  Does not enforce permissions on how the data can be used
Maintains an auditable log of every operation done to every piece of data  Does not keep a auditable log of data operations
Does not require tokenization of data – works with unstructured (untokenizable) data Requires tokenization of data – not feasible 

with unstructured data

No limitations on operations on the data, as long as they are permissible  Accessing the GPU is difficult – training Neural Networks is a challenge
All software (no hardware dependencies) – vulnerabilities can be updated with a software patch All hardware – vulnerabilities are well known and take years to patch

Secure enclaves on their own are not enough to solve data privacy regulatory issues. Contact us today at contact@tripleblind.ai to learn about how TripleBlind provides enterprise data privacy unbounded by the physical location of the data or the algorithm.

TripleBlind Welcomes Sam Abadir as its Director of Partnerships

We’re excited to announce that Sam Abadir has joined TripleBlind as its new Director of Partnerships! Abadir will be working with TripleBlind’s partners as well as helping customers understand the value of sharing data in ways that weren’t possible before. 

“We’re honored to have Sam Abadir join us, having over two decades of knowledge in risk management,” said TripleBlind CEO Riddhiman Das. “Under his guidance, we hope to expand our partnership network to allow enterprises to collaborate in ways that were once unimaginable but are now necessary for the future of trust.”

Abadir has over a decade of consulting experience in the software solutions space. Prior to joining TripleBlind, he worked for NAVEX Global, offering integrated risk and compliance management software and services. He has dedicated his career to educating the world on governance, risk and compliance, and helping organizations use the data and content around them to better manage risk.

Sam Abadir, Director of Partnerships

“I’m excited to join the TripleBlind team. Having spent years working with different companies managing risk and data sharing, TripleBlind’s solution is innovative and unlocks a lot of opportunities for companies to solve problems better while still ethically protecting data,” said Abadir. 

Facial Recognition Needs Diverse Data

During a recent 60 Minutes segment, Anderson Cooper investigated facial recognition software’s use in criminal investigations. Using complex mathematical algorithms, the facial recognition software compares a suspect’s face to potentially millions of other mugshots in a dataset. 

However, these algorithms are built and trained using a finite number of photos of a very demographically unbalanced dataset. Meaning, when it compares an image to millions of others, it will have a more challenging time distinguishing Black, Asian and female faces in particular. Once a suspect’s face is run through the software, it provides possible matches and ranks them in order of probability.

In the case of Robert Williams, police argue that his wrongful arrest was due to sloppy work done by humans, not the software. Ideally, data analysts review the results provided by the software to determine which results seem accurate, and only then could it be used as a lead and a lead only. Police cannot arrest or charge individuals based on facial recognition alone. But, human error and biased AI have led to an unknown number of wrongful arrests, but we know of at least three individuals who have filed lawsuits due to error. 

One issue lies with the lack of national guidelines around facial recognition. Local cities and agencies decide how to use it, who can run it, if formal training is needed and what kind of images can be used. In some cases, police photoshop a suspects’ facial features, especially when a suspect’s face is partially obscured. They edit someone else’s facial features to fill the gaps, but this also skews the accuracy of the results on top of using a problematic algorithm. 

It’s been challenging to acquire datasets that are diverse, private, yet easily accessible.

With TripleBlind, we offer the ability for these algorithms to be built and trained on real data, not modeled data; that way, there are no inherent biases. Algorithms can begin to train and learn from datasets that represent real faces of people with a variety of facial features. This hasn’t been done yet due to the lack of solutions that offer complete data privacy and integrity while being efficient and cost-effective.

One of TripleBlind’s most significant features is its compliance with HIPAA, GDPR and other regulatory standards. We offer the sole solution that successfully de-identities genomic data. We ensure that no one can be re-identified and that the data is never copied and never decrypted. With TripleBlind, we can start filling in the gaps of needed, diverse data for facial recognition to be balanced and trusted. 

Agencies and cities are facing costly settlements for wrongful arrests. It’s unknown how many other people have been wrongfully arrested, given that some arrested individuals never find out that facial recognition led to their arrest. Using facial recognition is a controversial practice and will be the subject of many laws and regulations that could make cities vulnerable to more lawsuits.

TripleBlind Technology Helps the Financial Services Industry Address a $56 Billion Issue

In 2020, identity fraud losses exceeded $56 billion in the United States alone. This number includes $13 billion for traditional identity fraud, such as data breaches, and $43 billion for other types of identity fraud scams. 

Financial services companies have been reluctant to collaborate for multiple reasons; including competitive pressures, concerns about antitrust exposure and additional concerns about data privacy.  However, $56 billion is too large a number to ignore. A key reason identity fraud happens is any one financial institution has just a limited profile of its customers. The typical consumer has multiple accounts with multiple institutions.  If financial institutions could collaborate and gain a holistic picture of their customers, they could develop more effective algorithms to combat identity fraud.  This holds true for other illegal activity, such as money laundering schemes. In our recent Privacy Enables the Adoption of Open Banking blog, we discuss reasons banks and financial institutions are still reluctant to share data with competitors. 

Solutions that enable and facilitate collaboration haven’t been up to the task. Legal agreements institutions attempt to put in place are complex, take a long time to negotiate and rely on the goodwill of the parties involved. Some technology solutions, such as homomorphic encryption, do enable data sharing while remaining in compliance with data privacy standards, but severely degrade the performance of financial institutions’ networks. Others, such as secure enclaves provide an incomplete solution.

TripleBlind’s solution addresses these issues and allows financial services competitors and partners alike to share data without needing to trust the recipient because the most sensitive information within each data set remains private. TripleBlind’s API-driven virtual exchange creates an environment where encrypted data can safely be shared and used by institutions without ever exposing them to the risks that come with handling raw data, ultimately reducing fraud, intentional or not, and ensuring higher levels of compliance.

One example of how TripleBlind’s solution could prevent credit card fraud would be for Bank 1, Bank 2 and Bank 3, to share encrypted data with a credit card fraud detection company using TripleBlind’s private AI infrastructure. If a customer has accounts with the three banks, it would be most beneficial for the fraud detection company to access spending habits from all three sources and then share data among them to ensure the customer’s finances are secure.

However, while Bank 1 wants to give the fraud detection company information regarding the consumer’s spending habits, Bank 1 is reluctant to share that data with Banks 2 or 3. TripleBlind’s technology would only give Bank 2 and 3 the essential information necessary to determine if the customer’s account has been compromised; and vice versa for data from the other two banks.

Additionally, the data can only be used for its agreed-upon purpose. So if Bank 1, Bank 2 and Bank 3 agree to share data for fraud detection, they cannot access it for additional operations, such as marketing activities. 

Sharing data with TripleBlind allows competitors to collaborate for mutual benefit without giving up the proprietary data – everybody wins.

TripleBlind has already partnered with leaders in the healthcare and financial services industries to tackle their data sharing needs with ensured safety, including Mayo Clinic, BC Platforms and Snowflake. If you are interested in exploring how your company can increase your data sharing capabilities, please contact us for a free demo HERE.

TripleBlind to Host Webinar with Riddhiman Das and Accenture’s Keri Smith; Learn How to Monetize and Safely Share Sensitive Financial Data

WHO:
Riddhiman Das, Co-founder and CEO, TripleBlind
Keri Smith, Managing Director, Applied Intelligence – Financial Services, Cloud First, Accenture

WHAT:
On June 22, Das and Smith will go over how to combine financial data sets from multiple sources, both internal or external, while staying compliant with GDPR, CCPA, and data residency requirements. Learn how it works with new AI and ML companies in a cost-efficient manner.

WHY:
Financial institutions in the modern world can monetize and safely share sensitive data. TripleBlind provides zero trust data sharing that allows internal teams or third parties to analyze and use data without ever seeing it or duplicating it.

WHEN:
Tuesday, June 22, 2021
Global Banking in 2022: The Challenges of Data Privacy Risks and Regulations – versus the Opportunities of Data Exchanges and Data Platforms
12:00 pm (CT)

WHERE:
Participants can register for the webinar here.

 

About TripleBlind
TripleBlind’s patented breakthroughs in advanced mathematics arm organizations with the ability to share, leverage and monetize regulated data, such as PII and PHI, and mission-critical enterprise data, such as tax returns and banking transactions. It unlocks the estimated 105 petabytes of data stored by enterprises today that are inaccessible and unmonetized due to privacy concerns and regulations. With TripleBlind, decision-makers generate new revenue for their organizations by gaining deeper insights faster, creating improved modeling and analysis, and collaborating more effectively with customers and partners and even competitors, while enabling enterprises to enforce today’s regulatory standards, such as HIPAA, GDPR and PDPA.

For more information, please visit tripleblind.ai

 

TripleBlind Contact:
Victoria Guimarin
E-mail: tripleblind@upraisepr.com
Phone: +1 510.331.9548

TripleBlind’s Blind De-identification Via One Way Encryption Provides Advantages for Healthcare Institutions

TripleBlind is currently the only solution that effectively de-identifies genomic data. Its groundbreaking approach to data sharing involves de-identification via one-way encryption that allows for safe and compliant data sharing among healthcare institutions. The solution meets the legal definition of de-identification, and TripleBlind never hosts any data that is being shared.

TripleBlind unlocks the ability for healthcare organizations to share PHI, health records, genomic and other data, enabling data to be usable at its highest resolution without incurring an accuracy penalty. TripleBlind de-identifies data by splitting each record, randomly, byte-by-byte, automatically de-identifying it without anonymizing it. Because the random splits cannot be used to identify an individual, the data sharing remains compliant with privacy standards, like HIPAA and GDPR.

Blind de-identification via one way encryption provides many advantages over the five methods for data anonymization most frequently utilized today, the utmost being that blind de-identification does not alter the fidelity of the data. Apart from often being slow, expensive, and unclear as to if full sets of data are actually fully de-identified and secure, other methods of de-identification remain inferior to TripleBlind’s mode of blind de-identification.

 

  • K-anonymization alters the fidelity of the data through two means: suppression (data masking); certain values of the attributes are replaced by an asterisk. All or some values of a column may be replaced by an asterisk; or generalization; individual values of attributes are replaced with a broader category, e.g., the value 19 might be replaced with <20,
  • Pseudonymization replaces private identifiers with fake identifiers or pseudonyms,
  • Data swapping (shuffling or permutation) rearranges the dataset attribute values so they do not correspond with the original records,
  • Data perturbation modifies the original data set by rounding numbers and adding random noise, also known as differential privacy,
  • Synthetic data is often used in place of altering the original dataset or using it as is and risking privacy, but even the best synthetic data is still a replica of specific properties of the original data.

 

One way encryption creates a clear path from data collection to data usage that is significantly faster, cheaper, seamless and compliant. 

TripleBlind has already partnered with leaders in the healthcare and finance industries to tackle their data sharing needs with ensured safety, including Mayo Clinic, BC Platforms and Snowflake

We have upcoming webinars that go into depth about our services so follow us on LinkedIn and Twitter for updates. If you have questions or would like a free hands-on demo, reach out to us at contact@tripleblind.ai.

Part II: The Private Solution to the Schrems II Decision Turmoil

In July 2020, the court of Justice of the European Union officially made their decision on Schrems II finding that the EU-U.S. Privacy Shield Framework, on which more than 5,000 U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules, was invalid. Since then, companies have had to reevaluate their transatlantic data sharing operations through a case-by-case analysis, costing time and money to achieve the required level of compliance.

TripleBlind has the solution to this turmoil. We discussed this topic before the decision was made, our technology allows entities to comply with these new standards and achieve their business objectives regardless of location. Deploying TripleBlind enables enterprises to share data and collaborate with other enterprises with confidence, knowing that TripleBlind enables them to automatically enforce HIPAA, GDPR and other regulatory standards. 

We built TripleBlind to remain future-proof by creating a solution that automatically complies with even the strictest standards. Our blind de-identification process is TripleBlind’s novel method of data de-identification via one-way encryption, allowing all attributes of the data to be used, even at an individual level, while eliminating any possibility of the user of the data learning anything about the individual. Meaning, data is legally de-identified in real time with practically 0% probability of re-identification. 

TripleBlind enables the processing and analyzing of sensitive data without ever moving it across borders. The data always remains encrypted, de-identified and is completely blind to TripleBlind and data consumers.

See our graphic below for a visual summary of how TripleBlind solves the Schrems II turmoil.

TripleBlind Schrems II Solution Diagram


TripleBlind has the only private, encrypted and de-identified aggregated analysis pipeline. EU data stays within boundaries, and enterprises are able to efficiently and cost effectively share all types of data, even data that traditionally can’t be de-identified, such as genetic data. 

We have upcoming webinars that go into depth about our services so follow us on LinkedIn and Twitter for updates. If you have questions or would like a free hands-on workshop, reach out to us at contact@tripleblind.ai!