To end the data breach epidemic, do we need to rethink data sharing?

Data breaches are rising and trust is falling. In 2024, more than 5.5 billion user accounts were compromised, a staggering eightfold increase from 730 million breached accounts in 2023.

Even more worrying is that 35.5% of all reported data breaches were linked to third parties, up 6.5% from 2023, according to the HIPAA Journal, which stated that: "Third-party breaches are classed as breaches that originated at a vendor, supplier, or partner, with the attackers pivoting to infiltrate the networks of business-to-business customers, and where data from one organization is compromised while in the custody of a third party." In other words, these third-party breaches occur when personal data is being stored, processed or managed by an entity other than the data owner, namely the organization that collected it.

These breaches go beyond regulatory fines or reputational damage: they erode consumer trust and damage the foundations of an economy increasingly reliant on data.

If we could eliminate the sharing or external storage of raw personal data, we could plausibly cut global breach incidents dramatically.

When done responsibly, data collaboration has the power to unlock significant value for businesses, consumers and society. It enables organizations to better understand their customers, leading to more relevant offers, improved customer experience and stronger returns on marketing initiatives.

At a societal level, it drives breakthroughs in medical research, smarter public service delivery and financial inclusion through alternative credit scoring.

Collaboration on data often relies on data transfers in which raw files are sent across clouds, exported to partners, stored in third-party platforms or replicated across vendor environments.

When raw data is exported, transferred or duplicated across environments, it creates multiple points of vulnerability. Even when encrypted, once data is moved, it's harder to control and monitor, which is how third-party breaches occur.

Fortunately, thanks to privacy enhancing technologies (PETs), organizations can collaborate on data, extract insights and build models without sharing or exposing raw data.

Instead of transferring sensitive data to partners or platforms, PETs allow organizations to share insights, while keeping raw data private and protected.

Here’s what some of the most widely used PETs do:

Raw data stays private and is never shared.

Raw data is never moved or exposed.

Raw data stays encrypted at all times.

Raw data may be uploaded to a TEE, but should always be encrypted first.

PETs were named one of the World Economic Forum’s 'Top 10 Emerging Technologies of 2024' for their ability to enable responsible data use, reduce breach risk and preserve individual privacy.

To fully realize the promise of PETs, organizations must follow clear privacy-first principles starting with one fundamental rule:

Never expose raw personal data to any third party.

Perhaps the most popular way of collaborating on consumer data is by using data clean rooms — a secure computing environment where multiple parties can compare or analyze their datasets without revealing the underlying personal information.

Many data clean rooms on the market today, however, require organizations to upload raw datasets to a central platform to be anonymized. While convenient, this approach introduces avoidable risk by introducing a new point of vulnerability for data breach: the vendor.

Instead, anonymization should happen on-site, under the data owner's full control. So, choose PET platforms and clean room providers that provide a secure environment where no party, not even the vendor, can access or view your data.

These steps are essential to maintaining privacy, compliance and consumer confidence.

PETs allow us to unlock the full potential of data while protecting consumer privacy and enabling cross-sector collaboration by preserving trust.

The maths is clear: roughly one-third of all reported data breaches are linked to third-party breaches. If businesses stop exposing raw personal information to third parties, we could dramatically reduce that number.

PETs give organizations the tools to make this possible. By enabling insights without raw data ever being exposed or leaving the control of its owner, they reduce breach risk and preserve consumer trust.