Ensuring Privacy on the Enterprise Blockchain
A real and critical concern for businesses today is the threat of data breaches. One of the largest such breaches to occur in 2017 was that of Equifax, where 143 million consumers’ personal information was compromised, while credit card data of another 209,000 consumers was exposed. Equifax failed to meet the EU’s General Data Protection Regulation (GDPR) guideline of notification within 72 hours. The breach, which had occurred in July 2017, was only made public in September of that year.
Travel and tourism aren’t the only sectors to be affected by this problem. Quora, a question-and-answer website, experienced a similar attack, with account information of 100 million of its users being stolen, including email addresses, names, encrypted passwords and more. The 2018 revelation that incited even more public discussion on privacy was the Facebook data breach. Data of 87 million users was harvested by Cambridge Analytica, a third-party data analytics firm, for political purposes.
Data privacy is not only about being responsible for customer security. An annual study by the Ponemon Institute revealed that the average global cost of breaches reached $3.86 million in 2018, an increase of 6.4% from 2017. This occurred despite the regulatory guidelines on security and privacy that all businesses need to comply with.
Existing Data Protection Regulations
According to the EU Charter of Fundamental Rights, EU citizens have the right to protection of their personal information. For this, several regulations have been put in place, such as:
- The General Data Protection Regulation (GDPR), which lays down guidelines for the processing and free movement of personal data, with a special focus on the need for data protection in the digital age.
- The Data Protection Law Enforcement Directive, which outlines what constitutes a criminal offense with regard to the processing of personal data, especially where such data is used for law enforcement purposes.
- The European Data Protection Board (EDPB) was formed in 2018, with extensive powers to oversee disputes between the supervisory authorities of EU nations and provide guidance on key concepts included in the GDPR and the Data Protection Law Enforcement Directive.
In the US, there is no single federal law that regulates the collection and use of personal data across the nation, although there have been various Congressional attempts to standardize data protection laws at the federal level. Instead of a national law, there are several state guidelines, self-regulatory frameworks and “best practices.” Having said that, there are some laws that do work well for data protection, such as:
- The Federal Trade Commission Act, which is a consumer protection law that specifies offline and online data security and privacy policies.
- The Financial Services Modernization Act, which regulates data collection, use and disclosure, specifically of financial information.
- The Health Insurance Portability and Accountability Act (HIPAA) outlines the data protection guidelines for the healthcare sector in the country.
- The Electronic Communications Privacy Act
- The Computer Fraud and Abuse Act
Despite every country in the world having put in place regulations for data protection of its citizens, data breaches are an unfortunate reality. One technology that does offer a solution is blockchain.
Why Businesses are Looking at Blockchain for Data Privacy
The decentralized ledger technology publicly tracks and verifies records. The very nature of the technology means that private data is not stored in a central location, so a single point of attack cannot breach security. It allows for digital assets to be stored in a way that does not permit copying or duplication without permission. The records are immutable and disseminated to every node.
While blockchain does hold huge promise when it comes to data protection, the existing mechanisms have not always worked. In a study titled “Evaluating User Privacy in Bitcoin,” it was found that the profiles of close to 40% of the users of a blockchain network could be accessed despite the adoption of the privacy measures recommended by Bitcoin.
The NEC Solution
In view of the existing challenges to data privacy and security, even with blockchain solutions, NEC worked to create countermeasures that would address these needs more effectively. NEC’s enterprise blockchain solution not only takes care of the problems of scalability and transaction speed, but also allows secure asset transfer and enhances privacy.
The blockchain network is based on satellite chains that allow different consensus protocols to run in parallel. It allows consensus to be achieved with fewer verification rounds, meaning less communication, as compared to the existing BFT protocols. It also needs fewer nodes to withstand faulty nodes within the system. The network is kept private and confidential, accessible only to relevant stakeholders, while users who are not part of any private ledger on the network have no access to the data.
In addition, the NEC enterprise blockchain solution allows for the functioning of an independent, “hands-off” regulator, who can track and monitor the entire system and even publish or enforce financial regulations in a flexible manner across all transactions.
Data protection is the need of the hour for any business that wishes to establish trust among its clientele. This is what the NEC blockchain has effectively achieved.
(February 28, 2020)