The following interview is a conversation we had with Patricia Thaine, Co-Founder & CEO of Private AI, on our podcast Category Visionaries. You can view the full episode here: Over $11 Million Raised to Help Organizations Anonymize PII to Achieve Regulatory Compliance.
Patricia Thaine
Thanks so much for having me, Brett. Excited to speak.
Brett
Yeah, no problem. So before we can talk about what you’re building there, could we just start with a quick summary of who you are and a bit more about your background?
Patricia Thaine
Sure, yeah. So I come from the background in doing research in privacy, preserving natural language, and spoken language processing, mainly working on cryptography and combining that with, I guess, vectors and numbers to be able to compute on them in the encrypted domain. And then I put my PhD on hold to start private AI.
Brett
Did you always know that you would eventually do a startup, or did that just come up as you saw the opportunity?
Patricia Thaine
I knew from my masters that I wanted to do a startup, and I started a PhD in order to do a startup.
Brett
Okay, got it. And two questions we like to ask just to better understand what makes you tick as a founder, CEO, and leader, what CEO do you admire the most and what have you learned from that?
Patricia Thaine
Yeah, I think Jennifer Arnold, she’s another series A founder, so I really admire her and her company, Minerva AI, because it’s basically the way she runs her company, the way that she is quickly scaling the company, the way that she came up with a problem to solve along with her co founders. All of that is pretty impressive. So to give you an idea, she was pretty high up there in antimoney laundering at CIBC, one of the big five banks in Canada, and her co founder noticed that there was this massive problem that it took three days of backlog for analysts to build up profiles of people for know your customer. And that is required in order to prevent anti money laundering. That’s required in order to prevent human trafficking. That is linked to anti money laundering. And so it poses us massive problems to financial institutions, and they can do it in a matter of seconds now.
Patricia Thaine
And they started this with a handful of people and have been able to scale incredibly quickly and supply tech to very large companies and do so in a way that they never expected was possible. So I very much admire everything about her.
Brett
Awesome. That’s awesome. It’s really nice to hear about a founder and entrepreneur as well who’s not one of the big obvious tech leaders or tech CEOs. It’s always fun to hear about a name that I don’t know, and then I can go and explore and look into what they’re doing. So thanks for sharing.
Patricia Thaine
Yeah, of course. Thank you.
Brett
And what about books? Is there a specific book that’s had a major impact on you as a founder? And this can be a business book or it could be a personal book that really just influenced how you view the world?
Patricia Thaine
There is, yeah. Recently I read this book called how the world really works by VA claus mel. He’s a canadian academic in the prairies, and he wrote this book talking about the major problems that we’re faced with when it comes to actually dealing with climate change. And the way that he frames the problem, explains the mountains that we have to climb, but also puts it in perspective of what’s possible and what technological advances are has made me really think through the privacy problem that the world is facing in a different way.
Brett
Nice. I’ll check that out. And let’s talk now about that privacy problem. So what’s going on with privacy? It seems like every day there’s a new breach. My data has been exposed. Have I been poned and the numbers are sad. I’ve definitely been poned. So how would you describe the state of privacy today?
Patricia Thaine
I’d say it’s optimistic for the most part. I’d say we’re in the very beginnings of understanding what is possible. And when it comes to a lot of the times, you’ll hear people say that legislation lags behind tech. The data protection regulations that are out there, the stringent ones like the GDPR, were really ahead of their time when it comes to what tech was capable of doing and what were they were demanding of organizations. So tech is now playing massive catch up to be able to help organizations comply with those data protection regulations. So I think a lot of the things that people thought were impossible before or were very far away from being possible before, are becoming closer to reality. And that’s really exciting.
Brett
And from your perspective, do you feel that things like GDPR have had a major impact? I guess my view as like a consumer, whenever I’m in europe, I just view it as it’s another big pop up that I have to click around, and that’s it. But do you think it’s been impactful from a privacy perspective?
Patricia Thaine
Absolutely. Let me put it this way. Organizations, one of the main things that they had to do when GDPR came into play was to scramble to figure out what kind of data they actually had. That means that people’s data, personal data, was just floating around in random parts of an organization, and they had no idea where it was. There was no way of actually quantifying the risk associated to the personal data that they held and think about how much organizing these organizations had to do in order to say this person’s personal information are in this and this location. These are the people that have access to this person’s personal information. So even though as a consumer you might not be seeing a lot of that, it is a struggle that has put people’s affair in order. And that’s already a huge step into making the right choices when it comes to how to deal with that data, who to share that data with, who has appropriate access controls within an organization.
Patricia Thaine
And with these larger and larger cybersecurity risks or breaches occurring, the GDPR could not have come at a better time. Except for maybe early.
Brett
And you mentioned there it’s the first step. What’s the next step, do you think, just in terms of regulation? Where do we go from here and what do you see as coming up in maybe like the next three to five years? Do you have a perspective there?
Patricia Thaine
Yeah, what we’re working on at private AI is working on what’s coming up in the next three to five years. And it’s really about unlocking the value that companies have in the 80% to 90% of the data that they collect. So that’s unstructured data. And it’s only very recently, in 2019, really, that machine learning started to be good enough to be usable for this problem. And what that also means is that machine learning has finally become good enough to start truly unlocking the value of this kind of data reliably. In addition to that, there are more and more teams that actually understand what machine learning can do for their data and more teams that understand how to deploy machine learning models. So what we’re going to see in the next three to five years is a scramble from organizations to be able to figure out how to handle that data in a way that brings them value.
Patricia Thaine
But first and foremost, they have to do it in a way that’s compliant with regulations. And privacy has to be there in an easy way for them to integrate so that they don’t have to tailor, make software that they are actually not experts in creating.
Brett
Fascinating. And to zoom out here on privacy specifically, how old were you, would you say, when you really latched on to privacy and said, that’s something I want to research. I’m really interested in that. When did that start and where did that come from?
Patricia Thaine
Yeah, I think I was 23 or 24, probably 23. And it came from first starting to look into acoustic, forensics, so who’s speaking and recording what kind of educational background they have and so on. And the goal there is the more information that you have about a speaker, the more you can categorize the speakers that you have, the better you can tailor automatic speech recognition systems for them. And so if you’re tailoring automatic speech recognition systems with this data, there does pose massive privacy problems because you have to collect that information from the speakers in the first place. But also because of those massive privacy problems, there’s all this data that engineers could be using to improve their systems that they can’t get access to. So two sides to that coin. So my supervisor at the time had mentioned homomorphic encryption, so I started looking at homomorphic encryption and working on combining that with natural language and spoken language processing.
Patricia Thaine
Spun out version 1.0 of private AI in 2017 with that idea of combining homomorphic encryption, which allows you to compute on encrypted data with natural language processing to do semantic search on encrypted data. So looking for synonyms and semantically similar words on data that has been encrypted rather than identical keyword matches. Got the interest of a couple of financial institutions, but ultimately scrapped it because it wasn’t going to scale and spent another year doing research.
Brett
Got it. Fascinating. Well, let’s dive a bit deeper now into Private AI. So I see that there’s a couple of products that you have available. Do you want to choose one of those products to talk through? Do you want to talk through what the platform in general looks like? Where would you like to go from here?
Patricia Thaine
Yeah, I think it’s fairly straightforward to describe as a whole. So the whole idea is if you’ve got unstructured data or semi structured data or even structured data, in some cases, you need to figure out what’s in that data in the first place in order to identify risk, in order to determine what kind of personal information you need to deal with in order to be compliant. And what we help with is with very highly accurate identification, redaction and replacement of personal identifiable information depending on the task. And we do so across 47 different languages because we strongly believe that privacy isn’t just for the English speaking world. So we’ve got the ability, for example, to help companies make their customer service data, PCI, HIPAA or GDPR compliant by removing the personal information from logs. We’ve got the ability to determine what the risk is associated to a data lake across multiple different file types and give that in a very accurate way, report in a way that data loss prevention providers can’t because they focus on speed rather than accuracy.
Patricia Thaine
And one really cool thing that we can do is also create synthetic person and tribal information so you keep as much of the context as possible in a conversation with a chat bot, for example. So you could replace names with fake names, locations with fake locations, and then feed that into a chat bot as training data. And that chat bot is not risking memorizing the person and viable information as has happened before in the past with certain companies and then spewing out that information in production. And it also can prevent downstream model accuracy loss as a result because the data that you’re dealing with is very natural looking, very fluent.
Brett
Wow, fascinating. And can you talk to us a little bit about the adoption and traction that you’ve seen so far?
Patricia Thaine
Sure, yeah, I mean, we’ve approximately four X last year. We see adoption in conversational AI, so ASR in Chatbots, we see adoption insurance and banking and healthcare organizations, including in disease control. We see adoption in pharmaceutical, so it’s very horizontal. And we see adoption in North America as well as Europe and Asia Pacific. So also very global.
Brett
And I think I read maybe that was a press release that Europe was where you initially went to market. Is that accurate? And if so, is that just because of the GDPR compliance there?
Patricia Thaine
Actually, the first market went to was the US. Those were our first customers as well as Canada. We are mainly focusing on Europe now because of the GDPR, because of our vast language capabilities and beyond the GDPR, they really understand privacy and the need for privacy. So they’ve been through a history that has made them appreciate privacy in a way that we have not fully grasped yet here in the US and Canada.
Brett
And do you think the US and Canada are going to catch up eventually then to Europe in terms of appreciation.
Patricia Thaine
For privacy or in terms of compliance requirements?
Brett
Appreciation for privacy.
Patricia Thaine
That appreciation for privacy came from horrible things. So while I would hope we can catch up, I hope we can do so in a way that Europe that’s not the same way that Europe had to go through.
Brett
Yeah, makes a whole lot of sense. And talk to us about maybe we can pick a case study from your website or one of the testimonials there. Could you just talk us through what that looks like from your customers end and what they’re getting when they start using your platform?
Patricia Thaine
Sure. So we believe in making sure that data gets transferred to as few parties as possible, and therefore we deploy directly in our customers environment, and they deploy our product as a container that runs as a Rest API. And then they can integrate us anywhere they want in their software pipeline and call it the Rest API by using post requests.
Brett
Got it. And for these companies, what’s their main motivation? Is it that it helps them be compliant? Or is it more that they can then go and tell their users that their data is being secured in this way?
Patricia Thaine
Oh, it’s quite a few different things. So sometimes it’s compliance, PCI compliance, HIPAA compliance when it comes to the US. Sometimes it’s GDPR compliance, sometimes it’s data sharing, sometimes it’s risk analysis that they need to do in order to show the C suite, for example. Sometimes it’s because their customers are demanding it and they see the results. And sometimes it’s to get access to more data from their customers as well because they have a clause in their contract saying that they have to deidentify the data before getting access to it.
Brett
Interesting. What are your views when it comes to market categories? Do you view this as a totally new market category that’s being created, or is this part of an existing category and it’s transforming and redefining that existing category?
Patricia Thaine
I’d say it’s probably a new market category because it’s not the same as cybersecurity. There’s data governance tools and that’s also something that’s a little separate related to privacy, but still not the same as privacy engineering tools. So privacy engineering tools are really nascent and I’d say that we probably fit in under that as well as a little bit under data governance, which in itself is a bit of a new category as well. Yeah, a bunch of different companies had to come up with solutions when the GDPR popped up.
Brett
Yeah, I can imagine. And given the space that you’re in, what’s the last maybe two months been like for you? Obviously there’s been a lot of buzz around Chat GPT. Have you seen interest from investors, have you seen more interest from customers as Chat GPT has really blown up?
Patricia Thaine
Sure, yeah, there’s a lot of interest in what data can be sent to Chat DBT and what can’t. I think, however, that there’s still a lot of just surprise around Chat DPT that people, once they get over it, will start talking even more about what the ethical uses are of the data that’s sent over. There’s a lot of talk about bias, there’s a bit of talk about privacy, and we have gotten interest as a result of that.
Brett
Fascinating. And in terms of go to market, what would you say has been the greatest challenge that you faced so far?
Patricia Thaine
I think getting the first customer is always hard. That was by pure chance because somebody I was talking to had talked to a friend who had to solve this problem quickly or their customer would be unhappy. So we got in touch and they onboarded in two weeks and it was with a very early version of our product and we had been looking for a customer like that for a bit of time at that point. And then that really triggered our understanding of how to sell the product, essentially. So how to talk about it, how to make it so that people understand what we do is usually the biggest go to market challenge for products that are a little bit more complex and technical.
Brett
And what framework or process do you follow to try to refine that message and refine that story and really simplify that story? Are there any useful frameworks or processes that you followed?
Patricia Thaine
Yeah, lots of testing. Testing different types of messaging, keeping track of which messaging works and which doesn’t, looking at how people are talking about it out there. So talking to prospects and asking them. What terminology do you use when you talk about this problem? And also trying to put content out there that explains what we’re doing and why? That is a slow trickle process, but it does help.
Brett
And if we zoom out into the future, what’s the three year vision for Private AI?
Patricia Thaine
I mean, we’re already a global company. Ideally, we’re also going to be in Africa and Latin America, and our goal is to build a privacy layer for software. So we started Private AI thinking people are going to want to integrate privacy technology as early as possible in the pipeline so they can minimize the risk as early as possible. And that means on the edge. So in cell phones, in browser, on prem and private cloud. But were too early in 2019 for edge deployment. There was very little interest there, but the interest we got was for on prem and private cloud. Ultimately, I think in three to five years, hopefully we’ll be embedded directly within devices as well as people become a little bit more comfortable when it comes to privacy engineering and also as they become more comfortable making computation happen on the edge. And I think that will open up a world of possibilities with what we can do with data on device and making data private on device directly.
Brett
And if we look at that vision, which part of that or what excites you most about this vision and the work you get to do every day as you work to execute on that.
Patricia Thaine
Vision, it’s so much impact and it’s such an important problem to solve. It’s one of the two most important problems that the world is facing today, and that’s privacy and climate change. And to be working one of those is a privilege.
Brett
I love it. It’s amazing. All right, unfortunately, that’s all we’re going to have time to cover for today’s interview before we wrap up here. If people want to follow along with your journey, where’s the best place for them to go?
Patricia Thaine
I post some stuff on LinkedIn that might be a good place to go. There’s also our website, www.private.com, and we post several blog posts about what’s going on in the privacy space, what kind of things to look out for in machine learning and privacy. So good place to take a look at the latest and greatest in privacy preserving, natural language processing and so on.
Brett
Awesome. Well, thank you so much for taking the time to talk, share your story and talk about this vision. This has all been super fun and exciting and hope to have you back on in a couple of years to let us know how the global domination has gone.
Patricia Thaine
Thank you so much, Brett. Really appreciate being on your show.
Brett
No problem. Take care. Bye.