Privacy Enhancing Technologies (PETs) are privacy controls that are incorporated into information systems to assist government and private organisations to comply with their privacy obligations and maintain relevant privacy standards in accordance with the Data Protection Act 1998.

In an age where both private and public services are available online and individuals continually part with vast amounts of personal information to receive these services, PETs signal trustworthiness and create public confidence in an organisation.

PETs are also appealing because they enhance the quality of information and allow for the automatic enforcement of privacy regulation.

Traditionally, PETs were limited to software "pseudonymisation tools" allowing individuals to withhold their true identity from those operating electronic systems or providing services through them. These services reduce the amount of personal data collected and include anonymous web browsers, specialist e-mail systems and digital cash.

However, the scope of PETs has expanded and the Information Commissioner recognises that this could encompass any technology that enhances an individual’s privacy. For example, a wider approach to PETs would include:

  • online access to individuals to review and amend their own personal data;
  • "sticky" electronic privacy policies that attach to personal data and prevent a use outside the scope of the policy;
  • encrypted biometric access systems that allow access to systems, but do not retain actual copies of a finger print or eye scan;
  • automatic privacy policies that operate through software to alert a web user to conflicts between their privacy preferences and the website they are viewing.

There are cost benefits for organisations which consider PETs at the outset of any systems project. Firstly, system designers and privacy coordinators incorporating PETs at the design stage can avoid the additional cost of amending a system in the future. Secondly, PETs can allow an individual to view and update the data held on them. This both facilitates the individual’s access rights under the Act and also saves valuable staff time otherwise spent on ensuring the accuracy of data or responding to access requests.

Implementation of PETs can also help to reduce risks of human error and provide additional electronic safeguards through the automatic enforcement of privacy regulations and the protection and processing of sensitive personal data. For example, using "sticky" electronic privacy policies could help employees ascertain the purposes for which personal data was collected and whether the data can be used to market to the individual.

It is, therefore, essential that organisations, public or private, consider all applicable PETs when entering into services and outsourcing agreements. This should both ensure compliance with the Data Protection Act 1998 and also maximise the benefit to the organisation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.