For companies looking to leverage data to gain insights and value — and who isn't doing this right now? — the practice is fraught with privacy risk, especially with the EU General Data Protection Regulation around the corner. That means tech startups are busy designing and rolling out solutions for secondary use while respecting the confidentiality of data. Importantly, venture capital is funding some of these solutions.

That's certainly the case with London-based tech startup Privitar. In July, the company announced it sealed $16 million in Series A funding to expand its privacy technology platform into the U.S. market, bringing its total funding thus far up to a hefty $21 million.

"These are exciting times," Privitar CEO Jason du Preez explained during a phone conversation with Privacy Tech. "We're really creating what is almost a new segment in the space. There's a lot of education that goes into that process. The feedback we're getting from our clients is that the tech space is confusing right now. There are a lot of adjacent segments using the same language, particularly with regard to the GDPR."

Privitar, like so many privacy technology companies in the space, touts its use of privacy by design. Its technology allows organizations to get insight into what data they have and its level of sensitivity while assessing the corresponding privacy risks associated with that data set.

Du Preez describes Privitar as a "privacy engineering" company. "There is a whole category of vendors that do risk assessments and how to translate those into compliance policy," du Preez said. "We do things quite differently. Privacy engineering is what I call it, something I think NIST (the National Institute of Standards and Technology) coined back in 2014. Privacy engineering is the use of technological controls to protect against privacy risk."

He brought up NIST's triad of transparency, accountability and associability as inspiration for what Privitar does: "We interpret that as: How do you apply controls within an organization in a way that is scalable and works at an enterprise level?"

Privitar has unveiled two specific products: Privitar Publisher and Privitar Lens. The former applies a privacy policy to sensitive data to create what it calls an "anonymized copy" for use in investigative analytics, machine learning and sharing with trusted parties. It encrypts the identifying fields in the dataset and also adds noise to the rest of the data to prevent re-identification. It also allows for management and auditing of the anonymization process while providing a means to share data with trusted parties with controls to relinquish shared data.

Privitar Lens, on the other hand, is a "query interface" API for reporting and statistical analysis while preventing access to the underlying sensitive data. The technology includes strict and individualized access controls and logs all queries for auditing purposes. It also measures the total privacy risk across multiple queries. If the risk grows too high, it will discontinue releasing new query results. Like Publisher, it also injects differential privacy to help mitigate data leaks and re-identification.

"There's no point in providing access to a completely anonymized data set that is useless or biased," du Preez said. "So we balanced that equation by providing rich, quantitative metrics." He added, "Our central thesis is this: Can I disambiguate the utility in the data without harmful identification of confidential aspects of that data? If I can do that, then these techniques will work very well."

He said there are four main industries Privitar is marketing to at this point, but on the whole, application of their product is use-case driven. The financial services industry is their biggest market, but they've been transitioning into other verticals, including pharmaceuticals, government and, most recently, telcos.

De Preez also was careful to point out that Privitar is a product company, not a consultant.

And though this latest round of funding comes at an opportune time as companies ramp up for the GDPR, du Preez says Privitar is not driven by the forthcoming regulation. "The biggest driver thus far is the trust relationship our clients have with their customers. For those adopting privacy-by-design principles, that's a natural course to follow," he said.

"At least 70 percent of our clients are ahead of the regs, looking to drive innovation on data without disrupting the trust relationship," he said. "The real catalyst for us is having more organizations embrace data-driven insights."