Turn Privacy Compliance into a business advantage in a pandemic-constrained world
The pandemic is forcing companies to slash budgets and put nonessential projects on hold. But history teaches us that companies can act boldly and take advantage of opportunities by managing risks better when economic cycles shift. To succeed, leading organizations must pursue digital investments that will help them “win in the turns”. An essential component of all new products and service offerings in the pandemic era will be centered on proactive privacy by design, going beyond the compliance requirements handed by GDPR and CCPA. Privacy and security will enable a business to cultivate new ecosystems, engage partners, and win customers by making them secure and comfortable to participate and transact as first-class citizens. In fact, the $500 million euros in fines issued for compliance can not only be circumvented but supplanted with new revenue from privacy oriented product flavors.
Current solutions
There are several software management solutions that have designed workflows to manage compliance such as awareness, data mapping, consumer request fulfillment, cookie management, vendor risk, and incidence reports. Examples of such companies, in no particular order, are OneTrust, TrustArc, WireWheel, Centrl, Datagrail, SAIGlobal, DPOrganizer, Osano, InCountry, Privitar, and BigID. These are great tools to help manage the requirement and avert fines. However, these new processes require several people to manage the effort and is difficult to scale when customer requests and deletion rates grow exponentially. Moreover, fundamentally, the customer does not achieve real privacy and transparency, and the company is still liable for privacy breaches, regardless of compliance requirements.
New add-on approach
If a company really wants to solve the privacy issue and achieve zero-liability, then they should give full ownership and control of data to the customer and provide transparency of data activities. An architecture shown below allows the user to own a storage allocation on a trusted platform to upload their data, and then share an encrypted link to the company. The business then uses this authtoken to download a copy for their application, without any change to their current IT processes. This is depicted architecturally below in a 3-step process, where the user
1) owns data and can upload, updated, delete encrypted data,
2) share authentication token to the company, and
3) allow the company to download their data.
This simple 3-step process is recorded and displayed transparently to the customers, without the need for complex processes that is expensive to scale with customer requests of access and deletion of their data. The responsibility now lies with the customer, and not the company.
Shifting Liability
With user ownership and control of data and a transparent process of securely sharing it to the company, the onus of privacy protection is shifted to the customer. And for the hacker, it’s very difficult to attack a lot of customers as they need to steal the keys individually, one by one.
With liabilities shifted to the user, the company needs to make sure that the data is well protected, all activities recorded on the ledger, and prevent any type of breach.
Preventing Breach
Copies are inherently vulnerable because the hacker needs to attack the most vulnerable server to get access to ALL customer data. One approach to prevent this attack mode is to split the data into multiple servers with different keys. Now, the attacker needs all the keys to get access as depicted below. The implementation of this architecture is fairly simple as the server access keys can be distributed among teams and individuals within the organization.
The Business Advantage
0Chain provides automation of liability and breach protection on a transparent, trusted platform for the company to lower operational costs. Less personnel and IT hires are needed for compliance and data protection migration.
On the demand side, the company can now brand themselves as a leader in privacy and gain higher usage, ad revenues and separate their product(s) in the market. They can even tout security and privacy and introduce a new add-on product to their customers, especially with Covid-19, where customers are working from home and vulnerable to an endpoint security breach.
How it Works
The trusted platform mentioned above can be deployed on premises, cloud, or a hybrid environment. The user interface automatically creates a key and an allocation, and stores the key based on the user’s password, so that only the user can have access to their key and data. This key is registered on the platform’s blockchain and any action of uploading a new file (e.g. post, image, video), updating an existing file (e.g. user profile data), and deleting them are recorded immutably on the ledger. The files are automatically shared to the business via an authtoken such that only the business can decrypt and use it for their operations. Each time the company uses customer data, they need to make a note of the metadata on the blockchain, thereby creating a transparent audit trail for users to instantly visualize it and have complete trust in the organization. And this can be made as a parallel batch operation offline without the need to block existing inline data used by the company for their daily business activities.
Deployment Phases
To migrate customer data to this trusted platform would require a simple phased approach. In the first phase, only new data would be sent to the platform, perhaps as an add-on product offering. In the second phase, older data can be migrated. In subsequent phases, granular datasets can be implemented to have a higher level of precision permission settings that can be offered to the customer, perhaps with additional fees.
FAQs
1 How do you achieve zero liability?
Since the user owns and controls the data at all times, the company is not liable. User provides explicit permission via signed transactions which cannot be disputed since their actions are recorded on the blockchain and immutable, something that a company cannot go back and change their database records.
2 How do you make breach impossible?
Since the file is split into multiple servers, hacker needs to have keys to all of them to gain access. This is a configurable feature, and with each server split, it is an order of magnitude more difficult to get hold of the keys, as long as they are distributed across individuals and teams.
3 Does 0Chain replace the current privacy software tools?
We do not replace current tools and you can continue to use them. 0Chain provides dual protection. It helps protect your data better, and shifts liability compliance to the user. Also, it can handle billions of customer privacy requests, and provides instant compliance reports from ledger transactions using integrated search tool for specific files, users, and activities, that anyone, even a user, can have access, and so it can be viewed as an open trusted compliance platform by customers.
4 How do users ensure that the enterprise aligns with their consented dataset?
Whenever a dataset is used by the enterprise, they should send a signed transaction with the metadata of the content to record such activity. If the company misuses the dataset, the user can mount a challenge based on the exposed data and the agreed upon consent that is recorded on the ledger.
5 How does 0Chain help with Covid-19?
0Chain provides a less expensive, more scalable platform to protect data and manage compliance, offering dual protection. Regarding demand generation, 0Chain provides additional privacy and protection for your customers, which is monetizable, given that a lot of people are working from home and will continue to do so in the future. In this context, a company has a better ROI with 0Chain platform for data protection, privacy compliance, and demand generation.
To learn more, go to our website and try our product on the cloud.
