A quantum computer can find one item in a list of one trillion in about one second. A classical computer takes about a week to do the same. The ability of quantum computers to factor so many possibilities, so quickly has serious implications for data privacy – brute force attacks could soon crack even the most advanced encryption schemes.
With quantum technologies rapidly maturing, responding to this must be a priority for privacy leaders. Organisations need to review their privacy strategy, build flexibility so they can respond to an evolving market, and educate people at all levels about quantum’s possibilities.
A quantum-secure privacy strategy analyses existing technical and organisational security measures to ensure resilience in the future. And we recommend organisations have one in place by the end of 2022.
As quantum technology matures and becomes more widely adopted, it will bring about a shift in privacy. For example, quantum computers will be able to break current encryption standards, such as RSA, challenging the GDPR security principle. With encryption often essential to securing personal data, adopting quantum-resistant cryptography will be key to protecting people and complying with privacy regulations. Crucially, this means quantum safe encryption needs to be in place before a quantum computer that can crack public-key cryptography (PKC) exists.
To do this, analyse your organisation’s existing technological infrastructure, in particular cryptographic infrastructure, to identify improvements now, rather than as a reaction to a data breach. Understanding what algorithms your organisation is using and setting out plans to adopt quantum safe cryptographic products will ensure privacy by design in the long term. This will become particularly important as 2022 will see the introduction of quantum safe encryption standards, which will accelerate the transition away from, and/or increase the security of, PKC.
Quantum-secure privacy strategies will also need to carefully analyse and consider the impacts of cross-border data transfers. You need to identify countries that have accelerating quantum capabilities, such as China or the US, and laws and practices that allow authorities access to personal data in transit. You then need to ensure you have effective technical measures, such as quantum-safe encryption, in place to secure data transmission across borders.
Of course, not all the impacts of quantum technology are foreseeable today, so it’s vital to build a flexible privacy strategy that’s resilient to future legislative changes. For example, it currently takes an organisation an average of 200 days to detect a data breach. Quantum sensing technology will bring more efficient early warning systems, with near real time detection of changes to the confidentiality or integrity of personal data.
Current data breach reporting requirements (such as within 72 hours for GDPR) are likely to change to account for a drastically reduced intrusion detection time. Quantum-secure privacy strategies will recognise fast developing technologies and bake in the ability to pivot in an evolving regulatory landscape. A quantum-secure privacy strategy would incorporate simulating breach response exercises with a much shorter reporting timeframe than today’s, helping to futureproof your organisational incident response processes.
Educating your workforce at all levels is crucial to fostering a privacy-savvy culture that understands the impacts of new technologies and applies principles of privacy by design. As new products and services are developed, ensuring people have the right quantum knowledge is key.
For example, quantum technologies are set to enhance the optimisation of targeted advertising through more complex data analysis and behaviour simulations. This raises significant privacy challenges, such as ensuring you have the appropriate legal basis to use the technology in such a way. An organisation aware of privacy principles, as well as quantum technologies, will be better equipped to harness the opportunities that quantum technologies bring, with privacy at the core.
With quantum technology quickly maturing, it’s imperative to start changing your organisation’s thinking around data privacy. The questions that quantum technology raises for privacy are in their infancy but are wide reaching. By acting today to review your privacy strategy with quantum technology in mind, building in flexibility and educating people about the new privacy risks quantum pose, you’ll be able to position your organisation to protect your customers’ privacy in the quantum age.