Data encryption is the most important defence for data subject security. Personal data cannot be protected by network security and firewalls alone.
However, data encryption has an Achilles' Heel - the encryption key. Should the key be compromised, the encryption becomes useless and data can be breached.
PRIVACY VAULT approaches data encryption with this vulnerability in mind. It mitigates this issue by never storing the encryption key. Instead, PRIVACY VAULT breaks up each key into multiple cryptographic "shares" and allocates them among contextually-relevant "shareholders".
The only way to encrypt or decrypt personal data is via secure collaboration among an orchestrated quorum of these shareholders.
The PRIVACY VAULT approach leverages the benefits of Advanced Encryption Standards (AES) technology, with added benefits:
Access to personal data is always performed via multi-party computation, thwarting the plans of malicious actors.
Key shares are themselves encrypted and managed differently for each shareholder.
No unauthorized data browsing is possible. Data may only be decrypted and released for a defined, legitimate purpose via Purpose-Based Access Control.
If even an entire server is stolen and downloaded, no harm would result and there would not even be a legal need to report the incident.
This security solution is massively scalable, potentially supporting billions of data subjects and millions of data controllers simultaneously.