Home / Companies / Duality / Blog / April 2026

April 2026 Summaries

12 posts from Duality

Filter
Month: Year:
Post Summaries Back to Blog
Financial services face significant challenges in risk detection and management due to data silos and the need for cross-institutional visibility. Institutions hold detailed internal data, but critical patterns often emerge across networks, leading to a structural gap where institutions are responsible for risks beyond their data. Regulatory constraints, competitive pressures, and technical complexities hinder traditional data sharing, while privacy-enhancing technologies (PETs) offer a solution by facilitating secure distributed analytics without moving sensitive data. PETs enable institutions to perform analysis locally, share only non-sensitive outputs, and collaborate at a network level, enhancing fraud detection, AML monitoring, and credit modeling. This shift from data sharing to network intelligence allows financial institutions to maintain data control while gaining broader visibility into systemic risks, addressing the limitations of isolated detection systems and improving predictive accuracy.
Apr 30, 2026 2,397 words in the original blog post.
The main challenge in advancing healthcare AI is not the lack of data or models but the difficulty in accessing already existing critical datasets due to regulatory, privacy, and operational constraints that prevent centralization. Traditional centralized data-sharing models are ineffective in healthcare, which demands a shift to distributed data collaboration. This new approach leverages Privacy-Enhancing Technologies (PETs), such as federated learning and homomorphic encryption, allowing institutions to analyze and train models on sensitive data locally without transferring it across borders. By keeping data within its original environment and using secure computation methods, organizations can maintain privacy and compliance while still participating in collaborative analytics. This paradigm shift is exemplified by cross-border pediatric cancer research, where PETs reduced the time to insights from 23 months to 2 months by enabling secure, distributed data analysis. This approach allows healthcare consortia to scale collaborations effectively, enhancing interoperability and reducing reliance on legal agreements, by embedding trust directly into technical systems.
Apr 30, 2026 2,558 words in the original blog post.
Data residency and data sovereignty are often confused, yet they represent distinct concepts with significant implications for compliance and governance. Data residency refers to the physical location of data storage, while data sovereignty concerns the legal authority that governs access and regulation of that data. This distinction is crucial because residency often influences sovereignty, but does not guarantee legal protection. The overlap and divergence of these concepts are particularly impactful under frameworks like GDPR and laws such as the U.S. CLOUD Act, which can compel data disclosure regardless of storage location. This legal conflict is exacerbated by sector-specific regulations in finance, healthcare, and government, where data sensitivity and regulatory requirements are most stringent. Organizations face increased compliance risks if they conflate residency with sovereignty, as this can lead to false compliance confidence and significant financial penalties. Duality Technologies addresses these challenges by leveraging Privacy Enhancing Technologies to ensure data can be analyzed and shared across jurisdictions without exposing raw data, thus providing true data sovereignty beyond mere geographic considerations.
Apr 28, 2026 2,744 words in the original blog post.
Sensitive data, encompassing personal identifiable information (PII), protected health information (PHI), financial records, intellectual property (IP), credentials, operational data, and regulated data, is both a valuable and vulnerable asset for organizations. Mishandling such data can lead to severe repercussions, including regulatory fines, reputational damage, and security risks. Each type of sensitive data requires distinct protection strategies due to its unique risks and contextual sensitivity. Effective governance involves layered protection, strong access controls, privacy-preserving analytics, and secure collaboration practices, particularly when data is used in analytics or AI projects. Organizations often struggle with sensitive data management due to its widespread distribution across cloud services, SaaS applications, and cross-border collaborations, leading to potential exposure beyond the system of record. Solutions like Duality enable secure collaboration on sensitive data by maintaining control over data access and usage, ensuring compliance and reducing the risk of data breaches without compromising the ability to conduct analytics and AI-driven insights.
Apr 04, 2026 2,978 words in the original blog post.
K-anonymity, a privacy technique formalized in 1998, ensures that each individual in a dataset cannot be distinguished from at least k-1 other individuals based on certain quasi-identifiers, which can help protect against identity disclosure. However, k-anonymity has limitations, notably failing to prevent attribute disclosure, where sensitive information about individuals can be inferred; this gap is addressed by methods like l-diversity and t-closeness. Despite its initial significance, k-anonymity struggles with modern data challenges such as high-dimensional data, cross-referencing with external datasets, and time-series data. In regulated environments like healthcare, k-anonymity's applicability is limited, prompting the use of more advanced Privacy-Enhancing Technologies (PETs) such as Differential Privacy, Fully Homomorphic Encryption, and Secure Multi-Party Computation, which offer stronger data protection by preventing re-identification and enabling secure data collaboration across organizations. These technologies allow computations on encrypted data and facilitate cross-organizational analytics without exposing sensitive information, providing a more robust privacy framework than k-anonymity alone.
Apr 04, 2026 3,303 words in the original blog post.
Data de-identification is a complex process used in regulated environments like healthcare, finance, and AI development to modify datasets so individuals cannot be directly identified, allowing organizations to share and analyze data while attempting to reduce the risk of exposing sensitive information. It involves techniques such as suppression, masking, generalization, pseudonymization, and noise injection, and is not a foolproof solution, as re-identification is possible through various means, including linking datasets with external data. De-identification is more effective when combined with other privacy controls like access control, secure environments, and differential privacy, emphasizing the need for continuous risk assessment rather than a one-time transformation. In 2026, it is viewed not as a standalone solution but as a part of a broader privacy architecture, particularly important in AI and data collaboration to enable safe data sharing and model training without exposing raw records.
Apr 04, 2026 2,720 words in the original blog post.
Cloud data governance is a complex journey that involves not just identifying and classifying data but also ensuring that policies are actively enforced at the moment of data access or processing. While many organizations focus on cataloging and classification, they often struggle with enforcing access controls and maintaining compliance, particularly in regulated industries such as finance and healthcare. These sectors demand continuous proof of governance, especially in scenarios involving cross-border data flows and third-party collaborations. A primary challenge is the disconnection between governance policies and enforcement layers, as policies are often defined centrally but inconsistently applied across cloud services. This issue is exacerbated by the dynamic nature of cloud infrastructure, where data moves across various systems and regions. Furthermore, significant governance gaps arise from underestimating the complexity of managing non-human identities such as machine identities, which often have broad access with less oversight. Effective governance requires integrating metadata with enforcement systems and adopting context-aware access controls to ensure that policies dynamically influence data behavior. Privacy-enhancing technologies also play a crucial role by allowing secure data collaboration without exposing raw data. Ultimately, organizations must build integrated governance architectures that link identity, data platforms, and monitoring systems to ensure consistent compliance and operational capability across cloud environments.
Apr 04, 2026 2,196 words in the original blog post.
Choosing between data anonymization and data masking is crucial for organizations aiming to balance privacy, regulatory compliance, and data usability. As data moves across various platforms and workflows, organizations must ensure privacy without compromising on utility. Data anonymization makes individuals unidentifiable, ideal for sharing data externally or across organizations, but often reduces data fidelity. In contrast, data masking replaces sensitive values while maintaining data structure, suitable for controlled environments but not foolproof against insider threats. Privacy-enhancing technologies (PETs) like federated learning and homomorphic encryption offer alternatives by securing data during computation, thus shifting the focus from data transformation to privacy-preserving computation. The decision process involves assessing trust boundaries, data sensitivity, required data fidelity, and threat models. Effective solutions require policy-driven automation, native integration with data pipelines, and comprehensive audit and compliance features to ensure consistent protection and operational visibility.
Apr 04, 2026 3,036 words in the original blog post.
Data masking is a technique used to protect sensitive information by replacing real data with fictitious yet realistic equivalents, ensuring privacy while maintaining data utility for testing, development, and compliance purposes. Widely adopted across industries like finance, healthcare, and government, data masking is crucial for regulatory compliance, safe data sharing, and reducing insider threats. It employs various techniques such as substitution, shuffling, and noise infusion, but faces limitations including potential re-identification risks and reduced data utility in collaborative scenarios. As organizations increasingly require cross-boundary data analysis without compromising privacy, modern Privacy-Enhancing Technologies (PETs) like homomorphic encryption, federated learning, and secure multi-party computation offer more robust solutions by allowing computations on encrypted data without exposing it, thus preserving both privacy and analytical accuracy. While data masking remains a valuable tool, it is often part of a broader data security strategy, such as zero-trust architectures, which ensure that data access is tightly controlled and monitored.
Apr 04, 2026 3,367 words in the original blog post.
The European Union's €86 million investment in the 3C project is a forward-thinking initiative that emphasizes the importance of federated and distributed AI, respecting data sovereignty and decentralization. This project aims to create a federated edge cloud across telecom operators, addressing governance challenges and redefining security by using Privacy-Enhancing Technologies (PETs) to protect data while in use. This approach facilitates secure, cross-border collaboration without centralizing data, allowing computation to occur locally and safeguarding sensitive information. PETs are revolutionizing sectors like healthcare and intelligence by enabling shared AI model training and secure data querying without revealing underlying datasets. The initiative positions the EU at the forefront of AI innovation, fostering a competitive advantage by enabling trusted data collaboration and accelerating AI adoption. With PETs and a focus on secure, decentralized data use, the EU's strategy signals a transformative shift towards federated AI ecosystems, highlighting the potential for organizations to thrive by collaborating securely with data they do not own.
Apr 04, 2026 693 words in the original blog post.
Data sovereignty under the General Data Protection Regulation (GDPR) extends beyond merely storing EU citizens' data within EU borders, emphasizing jurisdictional control over how data is accessed, processed, and managed, irrespective of its physical location. This principle gained prominence following the Schrems II ruling, which necessitated stringent safeguards for data transfers to countries lacking "adequate" protections, highlighting the limitations of Standard Contractual Clauses (SCCs) alone and elevating sovereignty to a continuous risk assessment process. The US CLOUD Act poses a direct challenge to GDPR sovereignty by allowing US authorities to access data held by US companies, even if stored in the EU, which creates legal tensions for organizations using US-based cloud providers. To achieve compliance, organizations must implement a layered strategy of legal, organizational, and technical controls, including conducting thorough Transfer Impact Assessments (TIAs) and employing privacy-enhancing technologies like homomorphic encryption and federated learning to maintain data protection across borders. Key management, particularly the control over encryption keys, plays a critical role in safeguarding data sovereignty, as it prevents unauthorized access by ensuring that only the data controller can decrypt the data. Healthcare, finance, and government sectors, due to their handling of sensitive data, face heightened compliance demands, making GDPR data sovereignty a foundational requirement for operation.
Apr 04, 2026 2,472 words in the original blog post.
Data sovereignty laws have transitioned from being a peripheral compliance issue to a core architectural challenge for global organizations, dictating how data must be governed, stored, and processed based on geographic locations. These laws, which emerge from the digital era's structural shifts—such as the strategic national asset view of data, the obscured locations in cloud computing, and the cross-border data needs of AI—compel organizations to incorporate jurisdictional constraints into their system designs. A country-by-country analysis reveals diverse regulatory approaches, with China and Russia enforcing strict localization, while the EU prioritizes transfer conditions, significantly impacting industries like healthcare, finance, and government. Furthermore, these laws influence cloud computing strategies, necessitating jurisdiction-sensitive architectures and complicating AI model training by fragmenting datasets. Privacy-enhancing technologies offer a pathway to compliance, allowing organizations to maintain data utility while adhering to regional laws. Compliance failures can lead to severe penalties, including fines and operational disruptions, making it imperative for businesses to embed compliance into their infrastructure and leverage advanced technologies to sustain performance and innovation in a fragmented regulatory landscape.
Apr 04, 2026 2,959 words in the original blog post.