Most companies that collect personal data are only interested in how they can use it to grow their businesses. They do not want to spend money on keeping it safe as specified in the data protection act. From the perspective of an employee, the issues in keeping personal data safe are lack of possession, lack of transparency and security breaches.
Securing personal data using blockchain
Sensitive personal data is valuable and this is also why it’s highly susceptible to hacks. The data at times can even be used in ways that are not transparent to the owners, for instance when doing research or when making more profits.
Apart from that, most of us use social media platforms where we are required to provide personal data. On social media platforms like Facebook, on job websites like LinkedIn and even on gambling platforms, people give out their personal data in order to register. On those platforms people also share pictures. Pictures and personal details together form a single point of failure for the whole system. Whenever a website is hacked, the database where all the personal data is kept becomes vulnerable.
Recent events have shown that most organizations have not put strict measures in place to prevent their databases from being compromised. So, our personal data is likely to end up in the hands of the wrong people.
Structural change necessity
There is a European personal data protection act that ensures that organizations are responsible for the personal data they collect. The ICO GDPR guidance specifies that any organization that does not protect users’ data will face a serious penalty. Facebook, for instance, might have to pay a fine of 1.63 billion dollars for its latest data breach.
There can even be other serious hacks especially in the health field where personal data can be stolen and used for blackmailing. But instead of entertaining threats from cyber-terrorists, there are some proper methods of addressing this issue.
Read the explanation below:
The issue with personal data kept in machines, unlike on paper, is that it can be replicated. For cash, blockchain has been able to prevent that. It did so by signing transactions cryptographically, ensuring they have only one real owner. It also decentralizes the data and spreads it across many nodes, which tackles the single-point-of-failure problem. And even when a hacker manipulates or overwrites any data, he/she will still need to convince most of the system to accept the tampered data as genuine activity.
That works perfectly for money transactions, but it is not the case when it comes to GDPR personal data. Blockchain can protect the possession rights over personal information; however, it is never good enough to protect it from being viewed, mostly because many people get a copy of it. That is why we have a concept known as SSI (self-sovereign identities).
The SSI idea
The SSI idea is based on encryption: private and public cryptographic keys are used to sign documents. The keys are usually created by an application and are unique to each person. In simple terms, the SSI concept is based on mathematical tricks. For each document, a hash number can be created, and this number is unique to every document that exists. The number is obtained by reading the document and taking into account the sequence and values of its bytes.
What follows is that a private key signs the document, which means that a unique number is created. The good thing about this is that it is unidirectional. Reversing it is effectively the same as guessing numbers, because there is no formula for it. What they do is simply divide a number by half of the preceding ones to find out if it is a prime number.
However, the number can be verified using a public key. If we compare the last hash with a public key, we will be able to determine whether you are the actual owner of a document. Nobody else will be able to access the private key, which is also the reason why losing a private key can be a disaster. In Bitcoin, a lot of money has been lost because of lost private keys.
SSI applies the concept above to personal data. The personal details are kept on the user’s device, and only the necessary sections are shared with other people. What this implies is that if you are above eighteen years old you will never need to share your date of birth. The persons that request it will simply get a “Yes” or “No” reply.
The role of blockchain
It is not possible to share the personal data on a ledger, but the coordination between the various parties still needs to be managed. This is why blockchain is applied. In the example we used earlier, an entity was verifying the age of a user; in this case, it turns to attestors and validators. These entities have been in contact with the person and have proof of things like a driving license or a birth certificate. Once a user provides his/her proof, the validators are queried, and they are supposed to validate the proof and give a “Yes” or “No” reply as explained earlier.
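The sign-and-verify step from "The SSI idea" and the attestor's "Yes"/"No" answer described above can be sketched as follows. This is an added example, not code from the article or from any SSI project: the function names, the `did:example:` identifiers and the claim layout are assumptions, and textbook RSA over fixed demonstration primes stands in for a real signature scheme.

```python
import hashlib
import json
from datetime import date

# Demonstration keys only: textbook RSA over two well-known Mersenne primes,
# no padding. A real wallet would use a vetted library (for example Ed25519).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # attestor's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # attestor's private exponent


def digest(claim: dict) -> int:
    """SHA-256 over a canonical JSON encoding of the claim, as an integer."""
    data = json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(claim: dict, d: int = D, n: int = N) -> int:
    """Private-key operation: only the holder of d can produce this value."""
    return pow(digest(claim), d, n)


def verify(claim: dict, signature: int, e: int = E, n: int = N) -> bool:
    """Public-key operation: anyone can check the signature against the hash."""
    return pow(signature, e, n) == digest(claim)


def attest_over_18(subject_id: str, birth_date: str, today: str) -> dict:
    """Attestor side: sees the birth date, signs only the yes/no result."""
    born, now = date.fromisoformat(birth_date), date.fromisoformat(today)
    age = now.year - born.year - ((now.month, now.day) < (born.month, born.day))
    claim = {"subject": subject_id, "claim": "over_18",
             "value": age >= 18, "issued": today}
    return {"claim": claim, "signature": sign(claim)}


def relying_party_check(credential: dict, expected_subject: str) -> str:
    """Verifier side: never sees the date of birth, only the signed answer."""
    claim = credential["claim"]
    if claim.get("subject") != expected_subject or claim.get("claim") != "over_18":
        return "No"
    if not verify(claim, credential["signature"]):
        return "No"                    # altered, or not issued by the attestor
    return "Yes" if claim["value"] is True else "No"
```

Changing any field of the claim after it was signed changes its hash, so the check returns "No" even if the original signature is reused.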
Other ways blockchain secures data
1. Enabling users to control their data
All individuals within an organization have the right to access personal data. When a user creates his/her identity online and keeps it with the help of blockchain, the person uses a distributed ledger and not a centralized database. Data that is encrypted is kept in blocks and included in a chain which is distributed on several nodes. Look at this as forming a wallet that holds your personal data the same way the ones for holding and transacting digital money are created.
If another person on a website wants to access your private details, you will not need to hand them over. Instead, you will offer the 3rd party access to your personal information for a certain use and for a certain amount of time.
The blockchain and distributed ledger technology has an auditing trail. This means that a user can see what the 3rd party is doing with his/her data. The user will also be able to prevent access to his/her personal data.
Blockchain technology for personal data additionally keeps a record of ledger transactions. This information can never be altered, and this lowers fraud.
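The grant-for-a-purpose-and-a-time model and the audit trail described above can be sketched as a hash-chained log. This is an added example, not code from the article: the class and field names are assumptions, times are plain integer seconds, and a single in-memory list stands in for a ledger that a real blockchain would replicate across nodes.

```python
import hashlib
import json

GENESIS = "0" * 64
FIELDS = ("prev", "action", "grantee", "purpose", "at", "expires")


def entry_hash(entry: dict) -> str:
    """Hash of an entry's content, including the link to the previous entry."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    """Append-only log of access grants and revocations, chained by hash."""

    def __init__(self):
        self.entries = []

    def _append(self, action, grantee, purpose, at, expires=None):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"prev": prev, "action": action, "grantee": grantee,
                 "purpose": purpose, "at": at, "expires": expires}
        entry["hash"] = entry_hash(entry)
        self.entries.append(entry)
        return entry

    def grant(self, grantee, purpose, at, ttl):
        return self._append("grant", grantee, purpose, at, at + ttl)

    def revoke(self, grantee, purpose, at):
        return self._append("revoke", grantee, purpose, at)

    def is_allowed(self, grantee, purpose, now):
        """Latest matching entry wins; a grant counts only before it expires."""
        for e in reversed(self.entries):
            if e["grantee"] == grantee and e["purpose"] == purpose and e["at"] <= now:
                return e["action"] == "grant" and now < e["expires"]
        return False

    def verify_chain(self):
        """Recompute every hash and link; an edited entry breaks the chain."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(e):
                return False
            prev = e["hash"]
        return True
```

Extending an expiry or deleting a revocation after the fact changes the recomputed hashes, so `verify_chain()` returns `False` and the edit is visible to anyone auditing the log.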
Let’s look at the career of a worker in detail. If a worker has had many employers for several years, then those employers have his/her personal data. This includes things like salary, job ID, trainings undertaken, awards received, performance and more.
When a worker starts a new job, his/her new employer keeps his/her data and can add more to it. It is the duty of an employer to keep employees’ personal data secure, and he/she must never use it for purposes other than those specified in an agreement. A worker also stores a record of details like tax and career.
But a worker can make better use of the data that his/her employer keeps. This can be done by offering the employer access to the information in his/her wallet that is necessary for working at the company.
The owner of the data can respond to various requests. For instance, an employer can get access to a large amount of data from a long-term employee for a long time.
For other kinds of data, blockchain lets employers verify a worker’s details without requesting access. This will get rid of duplicate data keeping, inaccuracy and more.
2. Making data more permanent
With blockchain, personal data becomes more permanent. Even when a company is no longer in operation, once the employee’s details are recorded on blockchain they will be there forever. Whatever is kept in blockchain can never be altered or deleted; it can only be added to.
If you have been asking yourself what is personal data or what is a data subject and how is the data protected, we believe you found our article useful. SSI and blockchain are great mechanisms for controlling access to personal data. Write to us if you would like to contribute to this topic. And if you have a question, feel free to write to us too.
Thomas Glare is known to people in the blockchain field. Besides writing, he works at the big Cryptocurrency Company and he has collected lots of personal data from workers. He has tested what he talked about here and knows how it works. He has also written several other articles.