Traditionally, data access decisions are attached to specific use cases and need to be revised should any parameter change (new column, member, application, or regulatory context). They depend on a threat model with assumptions on the auxiliary information an attacker may have and the means reasonably likely to be used for re-identification. Those assumptions need to be reassessed over time.
With Sarus, data access is no longer necessary. Data consumers never see the real data, they only retrieve query results that come, with a mathematical privacy protection: Differential Privacy. This mathematical protection does not depend on the amount of auxiliary information or the means a potential attacker may possess. For that reason, Differential Privacy has become the de facto standard of all privacy research and is widely adopted by public and private organizations to protect sensitive data.
Data owners can define privacy policy templates based on principles, not on the specificities of the data or the requestor. Those templates can be deployed across all data assets with the same level of protection, no matter how sensitive the source data is. Decisions are future-proof because they don't depend on auxiliary information that may be made available to a potential attacker in the future.
Non-movement of data also means that data processing and data storage all happen in one place. Data transfers are no longer necessary to collaborate across countries or subsidiaries, considerably simplifying large projects in multinational organizations.
