Securing shared personal data
As background to blockchain applications, let me refer to this upcoming webinar:
This is one such blockchain application. Each person can create a blockchain that consists of personal data to be shared with appropriate people in a manner that can be easily administered by the owner. For ease of reference, all such blockchains should be stored in myInfo.org (this domain name is currently not in use).
Authorities such as hospitals, doctors, and paramedics can have access to health-related Personally Identifiable Information (PII) data (where PII is anything that can be used to identify a natural, living person); and researchers can have access to non-PII data. Other information can be shared with people whom the owner explicitly identifies, for example spouse and children. This information may be leveraged in smart contracts, as described by Dr Yeap. His presentation describes other potential uses of blockchains. This blog proposes a combination of hashes, and symmetric and asymmetric encryption keys to protect the PII data.
It would be up to each owner to populate the block contents and policy sections, as they see fit. See the Next Pages below for more details.
Background: At a recent ISACA conference we lamented the lack of a standard way to share personal information in a secure fashion, and later we learned about blockchains. The ideas presented here came after attending the ISACA "Digital Transformation in Government" conference in Ottawa June 12 & 13. I attribute the framework for my ideas to the material presented by:
Note: The original blog (19-06-26) was deemed too long. The blog was revised to shorten the text and remove redundant details. A summary is published as an ISACA Blog for general review by ISACA members.
Last updated: 01-Aug-2019.
[updated manually as comments are received]
Use this form. [On most browsers the form is be too large to fit side by side with the blog text.]
Top (return to list of blog pages)
© 2019, www.piSecAudit.ca