Blog

YuTru preserves privacy unlike any other system that holds your personally identifiable information (PII) in PNG today. We introduce strict privacy and security because we feel everyone should have the right to privacy over their information.  

“Building inclusive and trusted digital ID systems therefore requires proactive measures to protect people’s data by design and by default. This includes legal and technical safeguards, as well as operational controls, to address risks related to data privacy and security.” (World Bank 2021, source)

As a digital identification scheme implementing what are global norms and principles for privacy and security, we need to do things differently from other companies trusted with your personal data – after all, this is our only job – to act on your behalf and facilitate trust in the economy. So some of the things we do to preserve privacy and maintain security can seem impossible until you know how it is done.

Let us explain. When you fill out registration forms or open accounts at a business in PNG today, you pretty much handover your personal data and you trust that in the custody of that company, your personal data will be safe, not misused, not open to prying eyes, and not be used for marketing and advertising, unless you consent to it. Do you really think that nobody sees your data? Of course not. 

Your data is visible to a range of staff, can be misused, lost, stolen, left on a flash drive on someone’s desk. You know it’s true because you hear about it. You know that every day, companies here and abroad lose customer data: Equifax 147 million records, UnderArmour 143 million, Marriott 383 million, Yahoo! 3 billion, Sony 77 million, Target 40 million, MySpace, eBay, Home Depot, and the list goes on.

YuTru holds your data in a different way. We ensure that your data is safe because we hold a locked and obscured version of it. Only you can unlock the data. You’re in control of it at all times. When a relier asks about you, we check that they are permitted to do so, and then we answer their query without ever disclosing the data to them. In that way, they never know your personally identifiable information(PII), and for that matter neither do we.

Here’s an example of how that works: a relier asks if Mary is over the age of 18 or not? Rather than handing out Mary’s date of birth so that the relier can not only figure out Mary is over the age of 18 but also that she happens to be 32 years old, we respond with a yes or no answer and never divulge Mary’s date of birth. The relier has zero-knowledge about Mary’s date of birth, but we certify that we have proof she is over 18 years of age. Mary’s date of birth remains private, the relier knows it can legally offer Mary a Pina Colada, and YuTru comes to the rescue protecting Mary’s privacy but enabling trust in the PNG economy.