Table of Contents
- Purpose of the Report
- Introduction to Privacy-Enhancing Technologies (PETs)
- Types of PETs and Plain-Language Explanations: A Glossary
- Key Considerations for Decision-Making
- Combining PETs to Maximize Utility and Privacy
- Practical Considerations and Barriers to PET Adoption
- Advancing the Use of Privacy-Enhancing Technologies
- Conclusion
- Appendix 1. Key Term Definitions
- Appendix 2. Key Evaluation Questions for Privacy-Enhancing Technologies (PETs)
Introduction to Privacy-Enhancing Technologies (PETs)
Privacy Matters
Governments should and do rely on data to allocate resources, assess policy impact, and improve public services. From tracking public health trends to optimizing educational attainment, data-driven decision-making enables more efficient and informed governance. However, the growing scale of data collection and sharing also heightens privacy risks—particularly as more personal information is aggregated and stored across public and private systems.1 Consumer data, including financial records, location history, and online activity, is increasingly intertwined with government-held information, creating broader exposure to breaches, misuse, and re-identification.2
Without proper safeguards, sensitive personal data can be exploited, leading to real-world harm. For example, the 2015 U.S. Office of Personnel Management (OPM) breach compromised the records of millions of federal employees, exposing Social Security numbers, personnel records, and even extensive information about employees’ friends and relatives provided as part of applications for security clearance.3 Similar risks exist in the private sector, where high-profile breaches have exposed data from credit card details to genetic information.4 Such incidents erode public trust and illustrate the dangers of concentrating vast amounts of sensitive information in centralized, highly accessible systems.5
“When data is consolidated across agencies and sectors, insider threats, unauthorized access, and political misuse become greater risks.”
Large, integrated databases offer efficiency and convenience, but they also create single points of failure.6 When data is consolidated across agencies and sectors, insider threats, unauthorized access, and political misuse become greater risks.7 Recent high-profile cases have underscored how individuals with privileged access—whether through government positions or corporate control—can exploit these databases in ways that put people and systems at risk.8
Privacy-enhancing technologies (PETs) can provide technical solutions to mitigate these risks at every stage of the data lifecycle—collection, processing, use, storage, and sharing.9 By decentralizing access, limiting exposure of sensitive data, and enabling secure analysis, PETs help balance data utility with privacy protection. As governments and companies continue to modernize their digital infrastructure, PETs must be a core component of responsible data governance, ensuring that data utility does not come at the expense of individual privacy and security.10
What Are PETs?
Privacy-enhancing technologies (PETs) refer to a diverse set of tools and methodologies designed to ensure that data can be used, analyzed, and shared without compromising the privacy of the people whose data has been collected.11 These technologies mitigate risks by applying cryptographic techniques, anonymization methods, and secure computation processes.12 PETs are particularly critical for safeguarding the privacy of individuals whose data is held by governments, businesses, and research institutions—whether it’s citizens interacting with public services, consumers generating digital footprints, or patients contributing to medical research. By reducing the risk of exposure, PETs allow organizations to extract insights from data while maintaining trust and compliance with privacy protections.13
Why Do PETs Matter?
Government data breaches can have far-reaching consequences, exposing sensitive personal information and undermining confidence in public institutions.14 With vast amounts of data—including Social Security numbers, health records, and immigration details—at risk, breaches can lead to identity theft, financial fraud, or personal safety risks.15 Additionally, compromised government databases can be exploited for political or foreign interference, weakening national security.16 Public distrust in data security can reduce participation in critical government programs, limiting the effectiveness of services and policy initiatives.17 By integrating PETs, governments can minimize these risks, enhancing both the security of public data systems and the trust of the people they serve.
As data use grows across sectors, the need for robust privacy safeguards becomes more urgent. PETs contribute to safeguards by:
- Minimizing trust requirements: Using technical measures to enforce restrictions on data access and processing, instead of relying solely on policies and contracts to protect privacy.
- Enabling secure data collaboration: Facilitating secure data sharing across organizations without exposing raw datasets, preserving confidentiality and privacy.
- Supporting ethical data use and legal compliance: Helping governments and organizations adhere to laws that mandate de-identification, access restrictions, and limitations on purpose and use, safeguarding ethical data-handling practices.18
One of the key advantages of PETs is their ability to facilitate public-interest data sharing. Governments often need to share information across agencies, with research institutions, or with private-sector partners to drive innovation and improve public services.19 PETs can enable this type of collaboration while limiting disclosure and without compromising individuals’ privacy.20
Government agencies handle vast amounts of personal, financial, and health-related data. Ensuring that this data is shared and processed securely is critical for:
- Cross-agency collaboration: Enabling government entities to securely analyze and link data across departments while maintaining privacy protections in compliance with legal and ethical standards.
- Public trust and transparency: Encouraging citizen support for data-driven initiatives by ensuring their privacy is safeguarded through secure data practices.
- Privacy policy and regulatory compliance: Helping agencies meet legal and regulatory requirements by ensuring personal data is processed in accordance with privacy laws, including data minimization, consent management, and data retention policies.21
In practice, PETs can support a wide range of use cases, such as:
- Health data research: Enabling secure data-sharing frameworks for medical research while protecting patient confidentiality.
- Fraud detection and prevention: Analyzing financial transactions securely without exposing personal financial details.
- Census and demographic analysis: Aggregating census data to analyze trends without accessing personally identifiable information.
By embedding PETs into government data strategies, agencies can unlock the value of data while protecting individuals’ rights and upholding ethical standards.
Citations
- Organization for Economic Cooperation and Development (OECD), Enhancing Access to and Sharing of Data (OECD Publishing, 2019), source.
- U.S. Government Accountability Office (GAO), Consumer Data: Increasing Use Poses Risks to Privacy (GAO, 2022), source.
- Ellen Nakashima, “Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say,” Washington Post, July 9, 2015, source.
- “Equifax Data Breach,” Electronic Privacy Information Center, source; Jenny Kleeman, “DNA Testing: What Happens If Your Genetic Data Is Hacked?,” BBC, February 12, 2024, source.
- “Public Interest Privacy Legislation Principles,” National Consumers League, November 13, 2018, source.
- Zeynep Tufekci, “Here Are the Digital Clues to What Musk Is Really Up To,” New York Times, February 21, 2025, source.
- Jacob Leibenluft, “DOGE” Access to Treasury Payment Systems Raises Serious Risks (Center on Budget and Policy Priorities, 2025), source.
- “DOGE Is Putting the Country’s Data and Computing Infrastructure at Risk, HKS Expert Argues,” Harvard Kennedy School, February 19, 2025, source.
- U.K. Information Commissioner’s Office (ICO), Chapter 5: Privacy-Enhancing Technologies (PETs) (ICO, 2022), source.
- Sydney Saubestre, What’s the Value of Privacy? (New America, 2024), source.
- United Nations (UN) BigData, The PET Guide: The United Nations Guide on Privacy-Enhancing Technologies for Official Statistics (UN Committee of Experts on Big Data and Data Science for Official Statistics, 2023), source.
- Centre for Data Ethics and Innovation (CEDI), Privacy-Enhancing Technologies Adoption Guide (CDEI, 2021), source.
- Organization for Economic Cooperation and Development, “Emerging Privacy-Enhancing Technologies,” OECD Digital Economy Papers, no. 351 (2023), source.
- Danielle K. Citron and Daniel Solove, “Risk and Anxiety: A Theory of Data Breach Harms,” Texas Law Review, 96 (2018): 737–786, source.
- “As Internet User Numbers Swell Due to Pandemic, UN Forum Discusses Measures to Improve Safety of Cyberspace,” United Nations Department of Economic and Social Affairs, source.
- Sean Lyngaas, “Chinese Hackers Breached US Government Office That Assesses Foreign Investments For National Security Risks,” CNN, January 10, 2025, source.
- Michele Gilman and Rebecca Green, “The Surveillance Gap: The Harms of Extreme Privacy and Data Marginalization,” NYU Review of Law and Social Change 42, no. 2 (2018), source.
- U.K. Information Commissioner’s Office, Chapter 5, source.
- Adita Karkera et al., Bridging the Data Sharing Chasm (Deloitte Insights, 2023), source.
- Chris Sadler, Protecting Privacy in Data Releases (New America, 2020), source.
- Simon Fondrie-Teitler, “Keeping Your Privacy-Enhancing Technology (PET) Promises,” Office of Technology Blog, Federal Trade Commission, February 1, 2024, source.