Personally Identifiable Information and Distributed Ledgers

PII (personally identifiable information) is a valuable component of every individual’s life. Governments and organizations make significant efforts to protect this data at the local and international levels. As information technologies evolve, though, safeguarding PII becomes increasingly complex. PII is also taking on importance in modern business processes based on the KYC (Know Your Customer) concept.

In the context of blockchain and distributed ledger technologies, the following aspects of securing personally identifiable information are of great importance:

  • Protecting PII of an information system’s users;
  • Protecting the data that can be considered personal and resides within the ledger;
  • Protecting the data that can be deemed personal and resides outside the ledger, but is referenced in ledger entries;
  • Protecting the information about transactions being performed with ledger entries.

Most modern approaches to handling personally identifiable information, as set out in international legislation, revolve around the presence of an operator responsible for processing this data in compliance with legal provisions. This perspective stems directly from the centralized architecture of existing information systems.

The principles conventionally underlying blockchain (distributed ledger) technology ideologically echo Timothy May’s well-known Crypto Anarchist Manifesto. It comes down to the possibility of creating a self-governed society that doesn’t depend on supervisory authorities. According to the theory, this initiative should be based on the use of cryptographic mechanisms and anonymization, that is, the separation of an individual’s digital avatar from his real-world representation.

This idea was at the core of the creation of the Bitcoin cryptocurrency, which is based on a publicly available ledger, the so-called blockchain, that stores all data about the system’s status (completed transactions) and allows every user to verify the correctness of these transactions.

On the one hand, this sort of architecture doesn’t presuppose the presence of the above-mentioned personal data

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by David Balaban.