Practical De-Identification Workshop: The Essential Role of Controls


Upload: anonos

Post on 06-Sep-2015


DESCRIPTION

Future of Privacy Foundation: Achieving a Balance of De-Id Controls; The Role of Trusted Third Parties

TRANSCRIPT

  • The contents of this document are protected by U.S. state trade secret laws, federal and international copyright and patent laws. Anonos, Dynamic Anonymity, Dynamic De-Identifier, DDID, Just-In-Time-Identity, JITI, and CoT are trademarks of Anonos Inc.

    Future of Privacy Foundation Practical De-Identification Workshop

    _________

    The Essential Role of Controls _________

    Achieving a Balance of De-Id Controls

    The Role of Trusted Third Parties

    Washington, DC

    July 9, 2015

  • 2 2015 Anonos Inc. www.anonos.com

    Not all De-Id Controls are Created Equal Policy Controls versus Technology Controls

    Policy De-Id Controls

    - Suggestive

    Technology De-Id Controls

    - Preventive

  • 3

    Not all Technology De-Id Controls are Created Equal: Static Technology Controls versus Dynamic Technology Controls

    Current: Static Technology Controls

    - Encryption
    - Do Not Track
    - Just In Time Consent

    Future: Dynamic Technology Controls

    - Dynamic Data Obscurity (DDO)
    - Dynamic De-Identification
    - Just In Time Identity (JITI)

    Usable / Unprotected

    Unusable / Protected

    Usable / Protected

  • 4

    Just-In-Time-Identity (JITI): A Visual Analogy

    Static De-Id Technology Controls

    - Usable
    - Unprotected
    - Unusable
    - Protected

    Just In Time Identity (JITI)

    - Usable
    - Protected
    - Dynamic De-Identifiers (DDIDs)


  • 5

    Just-In-Time-Identity (JITI): Heart Rate Example

    Simultaneous Views of BPM Outcome Data

    First Key = 55 BPM

    Second Key = 50-60 BPM

    Third Key = Normal BPM

    Expired Key or No Key = No Information

  • 6

    JITI - Key Triggers / Technology Enforced Policy Controls / Outcomes

    Key Triggers

    - Temporal
    - Location
    - Geo
    - Logical
    - Action
    - State

    Technology Enforced Policy Controls

    - Regulatory Policy
    - Industry Policy
    - Corporate Policy
    - Information Policy
    - Key Escrow Policy
    - Multi-Party

    Outcomes

    - Logs (Auditable)
    - Success
    - Null Results
    - Delivered Results
    - Failure
    - Blocked Results
    - Expired / Revoked Key(s)
    - Data Output
    - Local Display
    - Data Exported
    - Data Import
    - Key Escrow Events
    - Multi-Party

  • 7

    JITI Controls Exercised by Trusted Third Party / Proxy

  • 8

    Three Takeaways: Dynamic Data Obscurity (DDO) / Dynamic De-Identification

    1. Enforces privacy policies: Dynamic and concurrent architecturally enforced policies enable access control per data element and table instance, with unlimited instances available simultaneously on demand.

    2. Enhances security: Source data is intentionally worthless to unauthorized parties and freely portable when decoupled from DDO enforcement ecosystem, even in cases where super users have broad visibility due to revocation of ephemeral key credentials.

    3. Enables privacy / security respectful innovation: Data utility is maximized as a matter of policy, compliance, commercial, and societal objectives, without hindrance by restrictive and inflexible security controls.

  • 9

    Comparison of Different Privacy / Security Technologies

  • 10

    Thank you

    M. Gary LaFever

    [email protected]

    (303) 823-8111