s Blockchain Data Privacy & Compliance Services

Key Points

  1. address use cases for PII, personal usage data etc
  2. summarize regs - GDPR, CCPA, TCPA, HIPAA, HL7
  3. review opportunity, challenges
  4. summarize HLF features related - cryptography, identities, private data, off-chain etc
  5. demo cpaper private data


References

Reference_description_with_linked_URLs_______________________Notes______________________________________________________________




https://blogs.microsoft.com/eupolicy/2022/05/18/microsoft-responds-to-european-cloud-provider-feedback-with-new-programs-and-principles/Microsoft European Cloud Principles - 2022

https://blogs.microsoft.com/eupolicy/2022/12/15/eu-data-boundary-cloud-rollout/

https://www.yahoo.com/finance/news/microsoft-roll-data-boundary-eu-050518483.html

Microsoft creates EU Data Boundary for EU customers to support GDPR - 2023

European Union cloud customers will be able to process and store parts of their data in the region from Jan. 1

https://drive.google.com/open?id=1MaBwU9LrfRij-taPQpxKndMqhzouGklAenterprise_blockchain_data_compliance_concepts.pptx
presentation - Data Privacy Concepts and Strategies using Hyperledger Fabric.docx
session1-VINblock-presentation-proposal-Global-Forum-2020-download__cs9B6cPfNnXznnzg3BbrDTGkmGMzqz.pdf
session2-DCS-data-privacy-concepts-strategies.pdf
https://www.cpomagazine.com/data-privacy/gdpr-compliant-blockchain-personal-
data-privacy-in-blockchain/
Blockchain article on GDPR and Fabric - Priti *


200608-liveworx-boston-online-reg.rainfocus.com-Registration.pdf
liveworx-2020-cfp-connected-vehicle-identity-blockchain-jim-mason.docx
global-forum-2020-VINblock-session-download__rCv32Znk5PV2hsmV82G7Prn3zMpnRN.zip




Sichern One-Sheet.pdf
sichern-data-slides-v1.pptx
Sichern-data-compliance-whitepaper-short-version.201906.docx
Sichern Summary PDF (for site download).docx
DMX_FCA_data services - Copy.docx
DMX - Blockchain and Data Compliance Services.v2.pptx




Related regulations


https://www.linkedin.com/posts/roblesliesedicii_blockchain-and-the-general-data-protection
-ugcPost-6626110475820118016-lcht

eu-can-DLT-support-GDPR-2020-study-document.pdf

EU Study 2020- can DLT support GDPR fully?
blockchain-gdpr-compliance-study-2019-document.pdfEU 2019 - GDPR Compliance Study
EU-blockchain-report-2019-Blockchain-today-tomorrow-document.pdfEU 2019 - Blockchain report
DTCC-dlt-governance-2019-document.pdfDTCC blockchain governance for custodians 2019


Summary of Data Privacy and Compliance Regulations by Country

Summary of Data Privacy and Compliance Regulations by Country pdf



CCPA

CCPA
m Blockchain Healthcare#drummond-group-hipaa-checklist2pdf.pdf-compliancechecklisttrackingandblockchainHIPAA - privacy compliance checklist

TIPPSS for clinical data

HL7

EHR

SOC2

IEEE


Data Governance


https://profisee.com/data-governance-what-why-how-who/

data-governance-profisee.com-Data Governance What Why How Who 15 Best Practices.pdf

Data Governance Concepts & Tools









Key Concepts




Potential Value Opportunities



Potential Challenges


Organizations Regulating Data Privacy in EU


Dmitrii FilatovDmitrii Filatov• 3rd+• 3rd+💡DPO | Privacy and Data Protection Expert | FIP, CIPP/E, CIPT | 

https://www.linkedin.com/posts/mwrxyz_dsr-dsar-privacy-activity-7117411040195145728-ODlq?utm_source=share&utm_medium=member_desktop

I created a list of useful materials related to the Data Subject [Access] Requests (#DSR / #DSAR).

Please like 👍, save 📨 , and repost 🔁 if you find it useful 🙏
🖱 Click on the bell in my profile 🔔 so you don't miss my new posts with useful information.

🔴 You can find my other collections of #privacy-related materials on Patreon (https://lnkd.in/diSAfZD2).

✒ If you can suggest what could be added to this list, feel free to write in the comments or in DM! 😉

🔶 European Data Protection Board
🔸 Guidelines 01/2022 on data subject rights - Right of access: https://lnkd.in/d2BHmic3

🔶 Office of the Data Protection Authority
🔸 Subject Access Requests (for Data Subjects): https://lnkd.in/dBKRK6WR
🔸 Data Subject Access Requests (for Controllers): https://lnkd.in/dNFPfxbp
🔸 How to respond to ‘subject access’ request: https://lnkd.in/dKpNbGEB

🔶 Data Protection Commission Ireland
🔸 Subject Access Requests: A Data Controller’s Guide: https://lnkd.in/dxBUTbSA
🔸 Data Subject Access Requests – FAQs: https://lnkd.in/d7iWV9DG

🔶 Information Commissioner's Office
🔸 A guide to individual rights: https://lnkd.in/dyMUqF7t
🔸 Right of access: https://lnkd.in/d8m4WM_i
🔸How to deal with a request for information: a step-by-step guide: https://lnkd.in/drURSj2B
🔸 Make a subject access request: https://lnkd.in/dqCWYgRN

🔶 CNIL - Commission Nationale de l'Informatique et des Libertés
🔸 Professionals: how to respond to a request for access rights? [in French]: https://lnkd.in/dsuFZ-Pf

🔶 The DPO Centre Ltd and Exiger
🔸 Tackling Complex Data Subject Access Requests (DSARs): https://lnkd.in/dCFkTKie

🔶 Data Protection Network Associates
🔸 Guide to Data Subject Access Requests: https://lnkd.in/dGV9yGMz

🔶 Integritetsskyddsmyndigheten (Swedish DPA)
🔸 The data subject’s rights: https://lnkd.in/dU39GTcZ

🔶 Osano
🔸 DSARs and Beyond: Managing data privacy rights and responsibilities: https://lnkd.in/dqiqBCFk

🔶 Personal Data Protection Commission (PDPC) [Singapore]
🔸 Guide to handling access requests: https://lnkd.in/d6gWm6TB





EU Study 2020 - Can DLT be reconciled with GDPR?

https://media-exp1.licdn.com/dms/document/C4D1FAQFNjRDa_UFpUA/feedshare-document-pdf-analyzed/0?e=1579921200&v=beta&t=tjfq9vil_cU6TPcRFbsV6SL5ESEpoRln9caq13A_LOY

eu-can-DLT-support-GDPR-2020-study-document.pdf

Thanks @Biser Dimitrov for the report. I agree with the issues raised. GDPR is challenging to comply with. Even more, legal interpretations of key GDPR requirements are not yet settled.

I disagree with the concept that compliance may not be achievable with today's advanced DLT solutions. We looked at scenarios for different interpretations of key features such as "right to erasure" etc and found it possible to engineer DLT solutions that were compliant in all cases. Beyond technology, a compliant solution requires "end-to-end" engineering in most cases. In addition, operation of the solution matters, especially operation and governance on data management and  compliance rules.



Candidate Solutions



Free Google Tool to Find Your Private Data

tool

https://myactivity.google.com/results-about-you. tool

docs on google data privacy tool

https://blog.google/products/search/new-privacy-tools/


https://www.rd.com/article/results-about-you/

In an age when the personal and financial information of billions of people is floating around online, just waiting for data brokers to snap it up and sell it, privacy has become a major concern. Google, a name synonymous with online search, recognized this issue when it announced the Results About You tool in May 2022 before officially rolling it out that October.

Soon, Google will take privacy control further by notifying users when their private information surfaces in searches, enabling them to promptly take action and regain control over their digital footprint. Here’s what you need to know to take advantage of Results About You alerts and avoid potential identity theft.



Microsoft announces the phased rollout of the EU Data Boundary for the Microsoft Cloud begins January 1, 2023

https://blogs.microsoft.com/eupolicy/2022/12/15/eu-data-boundary-cloud-rollout/

Microsoft will begin a phased rollout of our EU Data Boundary solution to public sector and commercial customers in the European Union (EU) and the European Free Trade Association (EFTA).

Microsoft offers data residency and proximity in more locations than any other cloud provider, enabling residency options for the entire Microsoft Cloud suite of online services, including Microsoft 365, Dynamics 365, Power Platform and Azure.

Microsoft will offer customers the ability to store and process their customer data within the EU Data Boundary for Microsoft 365, Azure, Power Platform and Dynamics 365 services. With this release, Microsoft expands on existing local storage and processing commitments, greatly reducing data flows out of Europe and building on our industry-leading data residency solutions.

In coming phases of the EU Data Boundary, Microsoft will expand the EU Data Boundary solution to include the storage and processing of additional categories of personal data, including data provided when receiving technical support.

Microsoft’s cloud services already comply with or exceed EU requirements, and the EU Data Boundary will further enable public sector and commercial customers in the EU and the EFTA to have their data processed and stored within the region. In addition, with the rollout of the EU Data Boundary, Microsoft will publish new data flow documentation on the new EU Data Boundary Trust Center webpage to provide transparent data insights for customers whose services will be included in the boundary.


Microsoft European Cloud Principles - 2022

https://blogs.microsoft.com/eupolicy/2022/05/18/microsoft-responds-to-european-cloud-provider-feedback-with-new-programs-and-principles/






Blockchain article on GDPR and Fabric - Priti

https://www.cpomagazine.com/data-privacy/gdpr-compliant-blockchain-personal-data-privacy-in-blockchain/

  1. Off-chain storage (Private database)
  2. Hash or fingerprint of data or metadata on a blockchain (limitations for small-sized data)
  3. Anonymization of data (Pseudonymization not permitted)

Private data collection in Hyperledger Fabric

Hyperledger Fabric uses cryptography mechanisms to maintain transaction confidentiality and access control. Fabric offers an in-built facility of using a private database where a hash of private data is stored on blockchain. As hash is a one-way function, guessing the private data from the hash is difficult. To make the hash more resilient to brute-force attack – a. Hashing algorithms generating longer bits like SHA-512 b. random salt with the private data should be used.

Transient field – To maintain the privacy of data while communicating from client to authorized peers in organizations, transient field is used which is excluded in channel transaction.

blockToLive – This property in private data collection defines the lifetime of data on a private database. If the blockchain achieves a certain block height (a value can be set), data automatically gets deleted from the private database and to keep data forever in the private database the value of blockToLive is set to 0. Referring to one of the fundamental rights of GDPR, ‘right to erasure’ is also supported in a controlled way by Hyperledger Fabric.

Hyperledger fabric



Step-by-step guide for Example



sample code block

sample code block
 



Recommended Next Steps