OpenFin Adds Data Privacy Layer to Operating System

OpenFin has integrated Exate’s data privacy technology to help navigate global data protection laws. The built-in, end-to-end encryption is designed to control and manage data across applications on OpenFin’s operating system.

The Exate technology functions to protect data and authorize access to users in line with internal policies and relevant global data protection regimes, including the General Data Protect Regulation (GDPR), which went into effect on May 25, 2018. As part of the security process, the data is tagged, scrambled, and then reconstructed, but it can only be reconstructed for authorized users. The technology includes a centrally-maintained rules engine that is used to determine how the data is processed and who has the authorization to access it. The engine is up to date with various regulatory requirements, global regimes, and data privacy policies

Peter Lancos, CEO and co-founder of Exate, explains that the technology functions similar to a digital ink bomb, where instead of cash, the data would be rendered useless in the event of a breach or unpermitted access. In this case, the data is broken down into multiple pieces and scrambled, making it unusable to unauthorized parties.

Businesses and application providers can customize and update their data privacy rules centrally, set by their compliance and legal teams. The security restrictions then control whether the data can be constructed fully, in a pseudonym-ized way or compiled in an irreversibly-anonymized manner, depending on the users permitted access. The function also operates according to data protection requirements across various countries and jurisdictions.

“So what we have is a globally distributed data management solution that makes sure that the sensitive data that is supposed to be restricted to a specific country, remains permission-based only in the country that is in scope,” says Sonal Ratan, co-founder and CTO of Exate.

As OpenFin’s infrastructure enables interoperability and flow of data between desktop applications, Exate’s centrally-based privacy layer looks to simplify the compliance process across all businesses plugged into its system, removing the need for individual integrations. Adam Toms, CEO of OpenFin Europe, explains that this pairing came about as regulators are taking a closer look at how data is used and shared in the capital markets.

“Regulators globally have become more and more sensitive as to how information is distributed, how it changes, and how it transits across trading floors and different functions,” Toms says. “This has been a concern for quite some time, and [the regulators] do encourage good practice. Capital markets now operate on a need-to-know basis, and that means much more granular entitlement and permissioning of a dataset is required.”

One of the primary drivers for data privacy technologies is their ability to act as a trusted layer between firms and their third-party providers. Particularly when it comes banks moving sensitive data to the cloud says Lancos.

Cloud Migrations

Banks and asset managers are faced with heavy fines for non-compliance with data protection laws, making them increasingly cautious when sharing their data with third-party providers for cases such as testing software or applications. The Information Commissioner’s Office in the UK can issue fines up to £20 million (over $25 million) or 4% of an organizations revenue turnover in the event of significant data breaches under GDPR. On the flipside of the coin, fintechs run the risk of faulty production releases if not given the necessary data to test with. 

According to Lancos, some fintechs—particularly those that offer platforms and tools that are delivered via a software-as-a-service (SaaS) model via the cloud—are finding it increasingly difficult to convince institutional firms to trust them with their data. He elaborates that Exate’s technology enables tight controls on sensitive data during cloud migrations, such as revoking or permitting access to data, and only allowing the reconstruction of data within a firm’s firewalls.

Photos provided by Exate.