Innovation Technology

How does blockchain secure personal data?

Blockchain secures personal data

by Anita Lettink

This is the second in a series of blogs introducing the application of blockchain in HR and payroll processes. We explore how blockchain secures personal data know as Personal Identifiable Information (PII).

Previously, we introduced the basics of Distributed Ledger Technology (DLT), known as blockchain.

Privacy is a hot topic

The European General Data Protection Regulation (GDPR) protects the privacy of personal online records. Since established in 2018, companies must meet all requirements.

Therefore P!!, especially the ownership of PII, is central to this legislation. GDPR aims to give PII owners better protection. Also, it secures personal data and ensures it is respected and not vulnerable to abuse.

Thanks to GDPR, control of PII belongs to the owner, who must consent to third-party usage.

Challenges of data protection

From a data owner perspective, the problem of protecting personal data is threefold:

  • Lack of ownership
  • Lack of transparency
  • Security breaches

Blockchain secures personal data

Companies store enormous amounts of PII on customers and employees. As a result, phishing schemes target HR to gain access to valuable employee data.

In the past, data use lacked transparency. People didn’t know who was using their data, or how. Now with GDPR, consent is mandatory for purposes such as analytics, profit.  Owners gained control and blockchain secures personal data.

Covering your social footprint

Many people use social media. For example, we store career data on LinkedIn and share photos with friends on Facebook. We leave credit card numbers with online banking or shopping services.

These sites collect our data and store it on their servers. From a technological standpoint, data stored in one place is dangerous. They call it a single point of failure. Because, if the site gets hacked, the database and personal records are vulnerable to fraud.

Recent events prove security must be a priority. When a database is compromised or copied, information lands in the wrong hands. For example, data security breaches at Equifax and Facebook put millions of users at risk.

So how can blockchain help to secure personal data?

DLT puts the control of personal data back into the hands of the owner. Create your identity online and store it using blockchain is safer. A distributed ledger replaces a central database.

Think of it as creating a “wallet” to hold PII and transact digital currencies.

For instance, when a site asks for your data, you don’t need to enter it. Instead, you give a third-party access to your wallet for a defined use during a specific period. The third-party gets your permission to look, but they do not store you information.

Regaining control of your PII

DLT contains an audit trail allowing you to see how a third-party uses your data. Also, you can revoke access. Such control shifts the power of (and profit from) data back to individual users.

The DLT records each transaction and maintains a permanent and unalterable historical record of transactions in the ledger. Therefore, the potential for fraud is virtually eliminated.

Consider an employee’s career. If they had several employers, over the years, each employer has stored personal data for this employee. Types of data include ID, work permits, performance reviews, training completed, certifications, job changes, pay increases, etc.

When an employee changes jobs, the new employer stores most of that information, and adds to it. The employer is responsible for keeping that data safe, not using it for purposes outside of consent, and disposing of it within legal timeframes.

An employee keeps records of all that data too for career, tax, and legal purposes. They retain a copy for their records

More power for employees

But how can we make better use of the data that the employee stores herself? For instance, to make job performance updates.

The data owner can respond to different requests. The employer can request data access from a permanent worker to a larger portion of data for a longer period than for a contingent worker.

For other data types, DLT allows the employer to verify (without data access) that the employee is who she says she is, to request proof of work history and qualifications. We’ll share more on that topic in the next blog.

DLT eliminates duplicate data storage and potential points of failure. Possible failures range from inaccuracies to security gaps.

Reducing the instance of inaccurate data

An employee file stored on blockchain technology reduces the chance that the employee or third parties provide inaccurate employment information. Blockchain is verified and encryption prevents any retroactive tampering.

Data integrity is important. While a fake certificate might look like an official one, technology recognizes inconsistencies and classifies them as fake.

An employer wouldn’t, therefore, need to verify school diplomas or degrees externally. The employee controls how much information to release. Employees choose to share just the degree itself or the underlying classes and grades.

Adding permanence to data

Another advantage of DLT is that information is permanent. Even though a company or school might cease to exist, once the record has been verified and created on the blockchain, it’s forever part of the employee’s history.

The data in a blockchain cannot be deleted or changed. The only exception is an addition of new information. In those cases, the distributed ledger ensures that all the nodes must verify a transaction before new information can be added.

Once the relationship between employer and employee ends, data access can be revoked (respective of legislation). And if data access needs to exist for a while longer, it can be audited so the employee knows what’s being done with it.

Education leads the way

The application of DLT to store and verify personal information is less futuristic than you think. Educational institutions are among the first organizations to introduce DLT in making student records available.

The Massachusetts Institute of Technology (MIT) released Blockcerts.  These blockchain-based certificates set the standard for creating, issuing, viewing, and verifying education details. Ngee Ann Polytechnic in Singapore and Leonardo da Vinci Engineering School in Paris have started issuing certifications on blockchain.

Estonia is on a path to create the first digital society. X-Road is the open-source DLT backbone on which the country’s entire digital infrastructure runs. It is accessed through secure, verified digital identities that are provided to every citizen and resident.

Game changer for service delivery

Mike Eralie, NGA HR’s SVP of Service Delivery explained: DLT has the ability to thoroughly change our HR service delivery.

As data processor, NGA HR handles large amounts of PII on behalf of employers and provides services like identity verification or checking of work permits.

DLT-based employee files allow NGA HR to interact directly with verifiable, secure records. Access gives employers a higher level of confidence that the employee is who she says she is, and has the qualifications and permits needed to deliver quality work legally.

NGA HR fosters innovation

NGA HR is focused on delivering innovative services. We monitor DLT developments to create solutions to benefit our clients.  Having said that, while Distributed Ledger Technology is complex. While DLT offers advantages, many questions remain to be answered.

We don’t view DLT or blockchain as a simple solution that will fix everything that is wrong with today’s handling of PII. But it offers possibilities for improving the systems we have. And NGA HR is fully engaged to explore its benefits in service delivery.

Next: The third in this series of blogs introduces the application of blockchain in HR and payroll processes. We will explore possibilities to improve hiring and candidate screening.

May 11, 2018