Securing shared personal data

Introduction [190801A]

As background to blockchain applications, let me refer to this upcoming webinar:
BrightTALK webinar Sept 19, 2019, 11:00am: Enterprise Blockchain: Practical Applications & Industry Trends
Summary:
Since its inception, blockchain has quickly evolved to mean much more than just Bitcoin. More and more enterprises are looking to blockchain and distributed ledger technology (DLT) for solutions around data security, data privacy, encryption and compliance. We are living in an era of hypersensitivity where both employees and consumers are hyper-aware of where, when and how their data is being used. Because of regulations like GDPR, CCPA, HIPAA and others, enterprises need to adopt a proactive instead of reactive approach to data management, security and compliance. Practical applications of blockchain in the enterprise have the ability to push organizations handling large amounts of 3rd party PII and sensitive data into the future, all while remaining safe, secure and compliant.

This is one such blockchain application. Each person can create a blockchain that consists of personal data to be shared with appropriate people in a manner that can be easily administered by the owner. For ease of reference, all such blockchains should be stored in myInfo.org (this domain name is currently not in use).

Authorities such as hospitals, doctors, and paramedics can have access to health-related Personally Identifiable Information (PII) data (where PII is anything that can be used to identify a natural, living person); and researchers can have access to non-PII data. Other information can be shared with people whom the owner explicitly identifies, for example spouse and children. This information may be leveraged in smart contracts, as described by Dr Yeap. His presentation describes other potential uses of blockchains. This blog proposes a combination of hashes and symmetric and asymmetric encryption keys to protect the PII data.

It would be up to each owner to populate the block contents and policy sections, as they see fit. See the Next Pages below for more details.
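One way the hashes and the symmetric and asymmetric keys named above can combine for a single block, as an added Go example that is not the blog's own code and does not describe the design on the Next Pages: each record is sealed once under a fresh AES-256-GCM key, that key is wrapped with RSA-OAEP for every party the owner's policy names (the party names and the map-based policy are assumptions here), and a SHA-256 hash links the block to its predecessor so the owner's chain can be checked.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Block: the record is sealed once under a fresh AES-256-GCM key, that key is wrapped with RSA-OAEP per named party, Hash links to the predecessor.
type Block struct {
	PrevHash   [32]byte
	Ciphertext []byte            // 12-byte GCM nonce followed by the sealed record
	Wrapped    map[string][]byte // party name -> content key wrapped for that party
	Hash       [32]byte          // SHA-256 over PrevHash and Ciphertext
}
// NewBlock seals record and grants read access to every party named in policy.
func NewBlock(prev [32]byte, record []byte, policy map[string]*rsa.PublicKey) (*Block, error) {
	buf := make([]byte, 44) // 32-byte content key followed by a 12-byte nonce
	rand.Read(buf)          // crypto/rand never returns an error; it aborts instead
	key, nonce := buf[:32], buf[32:]
	blk, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(blk) // cannot fail for an AES block cipher
	// prev is also authenticated as associated data, so the block cannot be re-chained elsewhere.
	b := &Block{PrevHash: prev, Ciphertext: gcm.Seal(nonce, nonce, record, prev[:]), Wrapped: map[string][]byte{}}
	for name, pub := range policy {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(name))
		if err != nil {
			return nil, err
		}
		b.Wrapped[name] = w
	}
	b.Hash = sha256.Sum256(append(prev[:], b.Ciphertext...))
	return b, nil
}

// Open recovers the record for one named party; anyone the policy omits is refused.
func (b *Block) Open(name string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := b.Wrapped[name]
	if !ok {
		return nil, errors.New("policy grants no access to " + name)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(name))
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	return gcm.Open(nil, b.Ciphertext[:12], b.Ciphertext[12:], b.PrevHash[:])
}
```

Open refuses any party the policy does not name, and a modified sealed record or a block re-attached to a different predecessor fails authentication.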

Background: At a recent ISACA conference we lamented the lack of a standard way to share personal information in a secure fashion, and later we learned about blockchains. The ideas presented here came after attending the ISACA "Digital Transformation in Government" conference in Ottawa June 12 & 13. I attribute the framework for my ideas to the material presented by:
Dr Liam Peyton (uOttawa Vice-Dean) discussed the architecture and security in community health care;
Dr Tet Yeap (uOttawa) described the blockchain in basic terms.

Note: The original blog (19-06-26) was deemed too long. The blog was revised to shorten the text and remove redundant details. A summary is published as an ISACA Blog for general review by ISACA members.


Last updated: 01-Aug-2019.

Comments received

[updated manually as comments are received]



© 2019, www.piSecAudit.ca