TripleBlind secures $24M for a new approach to enterprise-level, privacy-preserving data sharing

Organizations that have made the leap into using big data to drive their business are increasingly looking for better, more efficient ways to share data with others without compromising privacy and data protection laws, and that is ushering in a rush of technologists building a number of new approaches to fill that need. In the latest development, a startup called TripleBlind — which has devised a way to encrypt data so that it can be shared without ever being decrypted or even leaving the data owner’s firewall, and keeping the whole process compliant with data protection regulations — is announcing new funding on the heels of strong demand for its technology.

The Kansas City, Missouri startup has closed a round of $24 million, a Series A that it will be using to continue developing its technology and to extend into a wider range of enterprise verticals. The round is being co-led by General Catalyst and the Mayo Clinic, with AVG Basecamp Fund, Accenture Ventures, Clocktower Technology Ventures, Dolby Family Ventures, Flyover Capital, KCRise Fund, NextGen Venture Partners and Wavemaker Three-Sixty Health also participating. The round was oversubscribed but the company is not disclosing its valuation. It’s raised more than $32 million to date.

TripleBlind’s platform, which officially launched in November 2020, is compliant today with data privacy and data residency regulations in some 100 countries, HIPAA, GDPR and California’s CCPA among them. The company estimates there are some 43 zetabytes of data stored by enterprises today globally that is not being used as it could be because of the limitations imposed both by these and other data protection rules, as well as general hesitancy over sharing IP and other issues around sharing data. It works with data in a variety of formats, including PII, PHI, genomic data, images and confidential financial records.

As an indicator of where TripleBlind is finding initial traction for its product, Mayo — one of the world’s leading institutions for medical research — is one of TripleBlind’s strategic investors. Mayo is using its technology both around data encryption and to help build algorithms based on data sets without needing to share raw data.

This addresses a longstanding problem typically faced when two institutions (or even one institution working with multiple data sets) collaborate: normally, they have to transfer data and/or algorithms based on that data, in order to train systems or to conduct research.

With TripleBlind, the idea is that they no longer have to. (The “triple” in its name is a reference to TripleBlind or a receiving data user variously being “blind to data, blind to processing, and blind to the result.”)

“Bringing together AI algorithms and data in ways that preserve privacy and intellectual property is one of the keys to delivering the next generation of digital medicine,” says John Halamka, M.D., president of Mayo Clinic Platform. “These novel privacy-protected solutions promise to usher a new era of collaboration.” Halamka and Shail Jain, global managing director, Data & AI from Accenture, are both joining as board observers with this round.

Mayo Clinic also invested an undisclosed amount in an extension to TripleBlind’s $8.2 million seed round. Mayo Clinic is not its only strategic backer: Accenture and Okta are two others; other customers include Snowflake.

Riddhiman Das, TripleBlind’s co-founder and CEO, said in an interview that healthcare and medical research continue to be big areas for TripleBlind, and that it is seeing growing interest also from financial services, media and utilities.

Innovations in big data analytics are opening up new frontiers in how organizations can pool wider bodies of knowledge to help them make breakthroughs and develop new algorithms in areas that have often been presented as figurative black holes, whether that is in medical research, or training an autonomous system, or tracking network activity for trends or malfunctions, or around better information about customer sentiment, or something else altogether.

The catch is that we’re in an age where privacy and data protection matter more than ever, not just from a regulatory point of view, but from our own tastes as consumers, and, in the case of businesses, as a matter of intellectual property protection, so using data liberally comes with a lot of caveats, if not outright restrictions.

We’re seeing an interesting proliferation of technologies being honed to address this paradox, including applications of homomorphic encryption, synthetic datasets, federated learning and putting data “on the blockchain,” among others

TripleBlind’s approach has been to create a system that it believes addresses the various issues exposed by other approaches: for example, homomorphic encryption is resource-intensive and hard to scale; tokenization/masking/hashing and differential privacy reduces accuracy; synthetic data is not actual real data; federated learning leaves open the potential for data reconstruction; and blockchain is not set up for data sharing.

(On the other hand, and to the credit of a lot of the wider community of technologists working in this area, those working on specific solutions are, in fact, moving to blended approaches, borrowing pieces from different techniques, as a next-generation approach, TripleBlind included.)

At TripleBlind, Das said he started to think about trying out a new approach to sharing data without compromising data protection or privacy when he was previously working at Alibaba’s Ant. The financial services giant had, in 2017, acquired eye-scanning biometrics startup EyeVerify for $100 million — where Das was the product architect — but the acquisition was not developing as Ant had hoped: it ran into controversy over privacy issues, or what Das described as “data access issues.”

More specifically, “We struggled with accessing data to improve our models and the precision of the service,” he said. So he moved over from there into corporate development.

(In fact, Alibaba never did manage to square that circle, and now it is reportedly looking to divest the company, which has now been rebranded as the more vague-sounding Zoloz.)

In his new role, Das said he started to see a bigger picture emerge about how enterprises, Ant specifically and others more generally, tackle data and privacy issues. It covered more than just biometrics.

“We also had problems in accessing data for anti-money laundering, know your customer algorithms, and more,” he said. Regulations around data residency and privacy “really hindered our ability to use data.”

He spent years evaluating different solutions and eventually came upon the idea of building something a little different to approach the same problem: “The predominant school of thought on data privacy is that it’s about computational privacy” — that is, encryption — “but there are restrictions around contractual limitations.” TripleBlind still applies encryption to data and algorithms, but its patented approach to encryption and the architecture of how data is used mean that the data never leaves its owner when it’s being used in computations.

That is the critical point for investors.

“TripleBlind is an incredible platform for empowering companies to collaborate on data while preserving privacy, data rights and intellectual property. Particularly important today in the healthcare industry, as the lack of data mobility results in fragmented and non-optimal care,” said Quentin Clark, managing director, General Catalyst. “At General Catalyst we believe that TripleBlind’s platform for enabling teams to work together with the most private and sensitive data is a necessary part of how companies will be able have agility while respecting the privacy of their customers, and the intellectual property of their partners. We are thrilled to work with the TripleBlind team as they work to achieve their mission.”