Data can be an organization’s best friend and its worst enemy.
While companies need personal information in order to provide a valuable product, possessing large amounts of data carries an equal amount of risk, making it an attractive target for hackers.
It is a realization Evident Founder and CEO David Thomas said motivated him and his team to create a new solution in order to fix this high-risk problem.
“We looked at that and said there’s got to be a way to put together a technical solution that allows businesses and individuals to securely share and verify private data,” said Thomas in a phone conversation with Privacy Tech. “Instead of putting an additional piece of protection here and there, let’s go at the root cause of this problem, which is essentially companies having to hold and store and process so much private data in order to operate their business.”
Thomas and his team created the Evident solution, a tool designed for organizations to obtain the information they need in order to facilitate their business, while ensuring the client company, and Evident, never holds onto any personally identifiable information themselves.
Based in Atlanta, Evident was founded in early 2016 by three cybersecurity professionals and is currently approaching 20 staff members, with Thomas saying the company has been experiencing growth on a monthly basis.
Evident’s solution recently caught the eye of several investors, obtaining $8.8 million in Series A funding, led by the New Enterprise Associates. When asked about leading the way on funding Evident, NEA Partner Vanessa Larco cited the fact that the company also does not hold onto any processed PII.
“The way that they are managing the encryption keys for the data that they leverage is really clever. Out of all the other personal identification companies out there, I haven’t heard of anyone taking this approach,” said Larco. "These guys come from the security world, they think security first, and I think that will be very important in this industry.”
Evident’s solution starts by providing an API to a business to send out requests for information. Data subjects receive the request and enter their information into a “wallet” enabled by Evident’s software. Evident connects the “wallet” to several authoritative sources, including public records, licensing authorities, certification and accreditation organizations, and government agencies, either confirming or contradicting facts about the data subject, then sends the results back to the business.
While all of this is going on, Evident ensures the business never sees the source of where the data is coming from.
“If there are ten things that a company needs to know about a user, then they can ask those ten things, and we keep the business from ever having to see the source data that actually proves that the individual has those credentials,” said Thomas. “A business could know that a person has an insurance policy that has appropriate coverage terms in it without ever having to see the policy or even hold the details of the policy if they’d like to avoid that.”
Thomas said Evident’s approach is beneficial to both businesses and users. Organizations can avoid holding onto sensitive data, while users have the ability to consent to a data transaction and see what data is sent. Requests are made through a software-as-a-service solution, but data subjects could receive additional requests via a link sent in an email, or through Evident’s app if they have worked with the company before by engaging in a verification process with one of the company's partners.
Thomas said Evident’s solution is aimed toward any company needing to handle verified data. Offering companies the opportunity to use verified data, but never having to hold onto the information is the major difference Thomas sees when comparing Evident to the competition.
“Our belief is that other solutions are much more piecemeal than that,” said Thomas. “They require multiple relationships with multiple companies that each have different types of data, which force these businesses into a situation where they have to handle a lot of private data, if not store that private data.”
It’s a sentiment shared by Larco and the NEA. Larco applauded Evident for acting as the intermediary layer for those companies not wanting to hold data. Larco also had high praise for the Evident team. “I thought the team was phenomenal,” said Larco. “They are just really intelligent, honest, excited and determined people. They work really well together. We had great time spending several days digging into their technology and business model.”
The NEA is currently working with Evident to build up their company by honing in on their value propositions and identifying the verticals for the company to go after, such as digital security, traditional at-home services, the gig economy, and the freelance space.
Larco added Evident’s solution is coming in at the right time, as attacks such as the Equifax data breach highlight the dangers of having large amounts of data in concentrated areas.
Even with Evident’s product currently available, Thomas, his team, and the NEA continue to work to enhance the solution. Thomas said Evident is keeping an eye on the EU General Data Protection Regulation, ensuring the solution becomes a useful tool to help companies comply with the regulation.
As major data breaches continue at an alarming rate, Thomas says his solution will be a valuable asset in the years to come.
“I don’t think there’s any question that we have to look at how to change the root cause of these breaches, and I don’t think it’s in anyone’s best interest for all of this private data to be spread around in so many different places,” said Thomas. “We have to put together the technology alternatives that make it possible not to spread all that personal data around. We see the need for that growing substantially.”
If you want to comment on this post, you need to login.