Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Key Points

  1. address use cases for PII, personal usage data etc
  2. summarize regs - GDPR, CCPA, TCPA, HIPAA, HL7
  3. review opportunity, challenges
  4. summarize HLF features related - cryptography, identities, private data, off-chain etc
  5. demo cpaper private data


References

Reference_description_with_linked_URLs_______________________Notes______________________________________________________________




https://blogs.microsoft.com/eupolicy/2022/05/18/microsoft-responds-to-european-cloud-provider-feedback-with-new-programs-and-principles/Microsoft European Cloud Principles - 2022

https://blogs.microsoft.com/eupolicy/2022/12/15/eu-data-boundary-cloud-rollout/

https://www.yahoo.com/finance/news/microsoft-roll-data-boundary-eu-050518483.html

Microsoft creates EU Data Boundary for EU customers to support GDPR - 2023

European Union cloud customers will be able to process and store parts of their data in the region from Jan. 1

https://drive.google.com/open?id=1MaBwU9LrfRij-taPQpxKndMqhzouGklAenterprise_blockchain_data_compliance_concepts.pptx
presentation - Data Privacy Concepts and Strategies using Hyperledger Fabric.docx
session1-VINblock-presentation-proposal-Global-Forum-2020-download__cs9B6cPfNnXznnzg3BbrDTGkmGMzqz.pdf
session2-DCS-data-privacy-concepts-strategies.pdf
https://www.cpomagazine.com/data-privacy/gdpr-compliant-blockchain-personal-
data-privacy-in-blockchain/
Blockchain article on GDPR and Fabric - Priti *


200608-liveworx-boston-online-reg.rainfocus.com-Registration.pdf
liveworx-2020-cfp-connected-vehicle-identity-blockchain-jim-mason.docx
global-forum-2020-VINblock-session-download__rCv32Znk5PV2hsmV82G7Prn3zMpnRN.zip




Sichern One-Sheet.pdf
sichern-data-slides-v1.pptx
Sichern-data-compliance-whitepaper-short-version.201906.docx
Sichern Summary PDF (for site download).docx
DMX_FCA_data services - Copy.docx
DMX - Blockchain and Data Compliance Services.v2.pptx




Related regulations


https://www.linkedin.com/posts/roblesliesedicii_blockchain-and-the-general-data-protection
-ugcPost-6626110475820118016-lcht

eu-can-DLT-support-GDPR-2020-study-document.pdf

EU Study 2020- can DLT support GDPR fully?
blockchain-gdpr-compliance-study-2019-document.pdfEU 2019 - GDPR Compliance Study
EU-blockchain-report-2019-Blockchain-today-tomorrow-document.pdfEU 2019 - Blockchain report
DTCC-dlt-governance-2019-document.pdfDTCC blockchain governance for custodians 2019


Summary of Data Privacy and Compliance Regulations by Country

Summary of Data Privacy and Compliance Regulations by Country pdf



CCPA

CCPA

HIPAA

TIPPSS for clinical data

HL7

EHR

SOC2

IEEE


Data Governance


https://profisee.com/data-governance-what-why-how-who/

data-governance-profisee.com-Data Governance What Why How Who 15 Best Practices.pdf

Data Governance Concepts & Tools









Key Concepts




Potential Value Opportunities



Potential Challenges




EU Study 2020 - Can DLT be reconciled with GDPR?

https://media-exp1.licdn.com/dms/document/C4D1FAQFNjRDa_UFpUA/feedshare-document-pdf-analyzed/0?e=1579921200&v=beta&t=tjfq9vil_cU6TPcRFbsV6SL5ESEpoRln9caq13A_LOY

eu-can-DLT-support-GDPR-2020-study-document.pdf

Thanks @Biser Dimitrov for the report. I agree with the issues raised. GDPR is challenging to comply with. Even more, legal interpretations of key GDPR requirements are not yet settled.

I disagree with the concept that compliance may not be achievable with today's advanced DLT solutions. We looked at scenarios for different interpretations of key features such as "right to erasure" etc and found it possible to engineer DLT solutions that were compliant in all cases. Beyond technology, a compliant solution requires "end-to-end" engineering in most cases. In addition, operation of the solution matters, especially operation and governance on data management and  compliance rules.



Candidate Solutions


Microsoft announces the phased rollout of the EU Data Boundary for the Microsoft Cloud begins January 1, 2023

https://blogs.microsoft.com/eupolicy/2022/12/15/eu-data-boundary-cloud-rollout/

Microsoft will begin a phased rollout of our EU Data Boundary solution to public sector and commercial customers in the European Union (EU) and the European Free Trade Association (EFTA).

Microsoft offers data residency and proximity in more locations than any other cloud provider, enabling residency options for the entire Microsoft Cloud suite of online services, including Microsoft 365, Dynamics 365, Power Platform and Azure.

Microsoft will offer customers the ability to store and process their customer data within the EU Data Boundary for Microsoft 365, Azure, Power Platform and Dynamics 365 services. With this release, Microsoft expands on existing local storage and processing commitments, greatly reducing data flows out of Europe and building on our industry-leading data residency solutions.

In coming phases of the EU Data Boundary, Microsoft will expand the EU Data Boundary solution to include the storage and processing of additional categories of personal data, including data provided when receiving technical support.

Microsoft’s cloud services already comply with or exceed EU requirements, and the EU Data Boundary will further enable public sector and commercial customers in the EU and the EFTA to have their data processed and stored within the region. In addition, with the rollout of the EU Data Boundary, Microsoft will publish new data flow documentation on the new EU Data Boundary Trust Center webpage to provide transparent data insights for customers whose services will be included in the boundary.


Microsoft European Cloud Principles - 2022

https://blogs.microsoft.com/eupolicy/2022/05/18/microsoft-responds-to-european-cloud-provider-feedback-with-new-programs-and-principles/






Blockchain article on GDPR and Fabric - Priti

https://www.cpomagazine.com/data-privacy/gdpr-compliant-blockchain-personal-data-privacy-in-blockchain/

  1. Off-chain storage (Private database)
  2. Hash or fingerprint of data or metadata on a blockchain (limitations for small-sized data)
  3. Anonymization of data (Pseudonymization not permitted)

Private data collection in Hyperledger Fabric

Hyperledger Fabric uses cryptography mechanisms to maintain transaction confidentiality and access control. Fabric offers an in-built facility of using a private database where a hash of private data is stored on blockchain. As hash is a one-way function, guessing the private data from the hash is difficult. To make the hash more resilient to brute-force attack – a. Hashing algorithms generating longer bits like SHA-512 b. random salt with the private data should be used.

Transient field – To maintain the privacy of data while communicating from client to authorized peers in organizations, transient field is used which is excluded in channel transaction.

blockToLive – This property in private data collection defines the lifetime of data on a private database. If the blockchain achieves a certain block height (a value can be set), data automatically gets deleted from the private database and to keep data forever in the private database the value of blockToLive is set to 0. Referring to one of the fundamental rights of GDPR, ‘right to erasure’ is also supported in a controlled way by Hyperledger Fabric.

Hyperledger fabric



Step-by-step guide for Example



sample code block

sample code block
 



Recommended Next Steps



  • No labels