Datastroy was started in 1982 by Lonnie Corey. It was created to destroy confidential data for corporations and individuals. The 1974 Congressional Privacy Act recognized the potential danger of maintaining records on private individuals. In response, Congress instituted legislation designed to protect certain information, including criminal history, educational records, medical treatment, etc. Business records were given equal attention and care.
Clients ranged from individuals who want to keep information from falling into the wrong hands to employers who want certain data to remain strictly confidential, to people who simply must follow certain regulations in their own businesses: travel agencies disposing of blank airline tickets, consultants who have run surveys from personal questionnaires. The bulk of Datastroy’s business came from banks and insurance companies since the data and information they maintain have the greatest potential for abuse—names, phone numbers, bank account and charge card numbers.
Datastroy remains informed and engaged regarding current practices and the future of data destruction and information safety.
An increasing amount of sensitive data is stored on systems beyond the direct control of the originator of the data. This includes private individuals, corporations, and governments, and complicates the problem of confidential data destruction and protection of privacy.
There are some standard current techniques to secure data on remote systems and enable secure and efficient deletion of data: data can be encrypted while “at rest” (i.e., while stored in systems). By careful management of the encryption key, the owner of the data can ensure that the data cannot be inappropriately decrypted. And by securely deleting the encryption key, the encrypted data is effectively deleted.
However, techniques to protect sensitive data at rest do not necessarily help protect computation using that data, nor protect the information carried by that data, e.g., the output of computation over the sensitive data.
There is increasing awareness among companies and individuals about the importance of the data they own and generate, and the risks involved with losing control of that data much like in the past when the solution was to shred and/or burn hard copy like paper or film.
Legislation is increasingly regulating how companies handle sensitive data. The EU has been proactive in adopting legislation that gives individuals the “right to be forgotten”, i.e., the right of an individual to have certain data about them deleted. The EU General Data Protection Regulation (GDPR) will be enforced as of May 2018 and gives EU citizens various rights (“right to erasure”) over data that concerns them and requires companies that handle data of EU citizens to support these rights. Though this is the “Present” in some countries, it is not yet a custom in the United States.
Datastroy is spearheading research and development to create applications that will address the issue of how to handle sensitive information, continuing its history of vision and innovation.
In the Future, through grants with collaborating entities, Datastroy will sponsor development in the following areas:
Enable applications (e.g., like Facebook or similar) to use individual’s data, but still give the individual control over the data.
Develop Techniques and tools for building applications that not only securely delete sensitive data, but also data derived from the sensitive data (i.e., delete sensitive information, not just sensitive data).
Secure cloud: use untrusted machines owned by a cloud provider to handle and compute on sensitive information with guarantees that the cloud provider CANNOT access the data/learn the information, during the computation or after.
Fully homomorphic encryption holds the promise of computing (arbitrary computations) over encrypted data.
Our Board information is coming soon.
We have an impressive Advisory Board of leaders in this field:
Dean, Faculty of Computing & Information Science
at Cornell University
Click here for CV