scholarly journals Permissioned Blockchains: Towards Privacy Management and Data Regulation Compliance

2020 ◽  
Author(s):  
Paulo Henrique Alves ◽  
Isabella Z. Frajhof ◽  
Fernando A. Correia ◽  
Clarisse De Souza ◽  
Helio Lopes
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
Distributed Database ◽  
Analytical Framework ◽  
Data Governance ◽  
Sensitive Data ◽  
Significant Control ◽  
Blockchain Technology ◽  
Governance Model ◽  
Permissioned Blockchains

Data privacy and protection has been a trending topic in recent years. The COVID 19 pandemic has brought about additional challenges and tensions. For example, sharing health data across several organizations is crucial for significant control and reduction of massive infection and death risks. This implies the need for broadly collecting and using personal and sensitive data, which raises the complexity of data protection and privacy challenges. Permissioned blockchain technology is one way to empower users in controlling how their data flows through the net, in a transparent and secure way, through an immutable, unified, and distributed database ruled by smart contracts. Given this background, we developed a second layer data governance model for permissioned blockchains based on the Governance Analytical Framework principles to be applied in pandemic situations. The model has been designed to organize the relationship between data subjects, data controller, and data processor. Regarding privacy concerns, our proposal complies with the Brazilian General Data Protection Law.

A Data Privacy Governance Model

2019 ◽  
Vol 10 (1) ◽  
pp. 74-93
Author(s):  
Margareth Stoll
Keyword(s):  
Corporate Governance ◽  
Data Protection ◽  
Data Privacy ◽  
Business Processes ◽  
Management Systems ◽  
Legal Compliance ◽  
Legal Requirements ◽  
General Data Protection Regulation ◽  
Governance Model ◽  
Information Security Governance

The importance of data privacy, information availability and integrity are increasingly recognized. The new EU general data protection regulation 679/2016 obligates stringent legal requirements with high sanctions for noncompliance. Most organizations worldwide are affected directly or indirectly. It requires overall a risk and evidence-based data privacy management as part of corporate governance. More than 1.6 million organizations worldwide are implementing a standard-based management system, such as ISO 9001 or others. To implement the new data protection regulation in an effective, efficient and sustainable way, the author provides design-oriented guidelines on how to integrate the legal requirements into standard based management systems. The holistic data privacy governance model integrates different information security governance frameworks with standard based management systems in order to comply the regulation. In that way data privacy is part of all strategic, tactical and operational business processes, promotes corporate governance, legal compliance and living data protection.

scholarly journals Trust Hardware Based Secured Privacy Preserving Computation System for Three-Dimensional Data

Electronics ◽  
2021 ◽  
Vol 10 (13) ◽  
pp. 1546
Author(s):  
Munan Yuan ◽  
Xiaofeng Li ◽  
Xiru Li ◽  
Haibo Tan ◽  
Jinlin Xu
Keyword(s):  
Data Privacy ◽  
High Performance ◽  
Distributed Storage ◽  
Three Dimensional ◽  
Privacy Preserving ◽  
Sensitive Data ◽  
Privacy And Security ◽  
Time Consumption ◽  
Blockchain Technology ◽  
3D Data

Three-dimensional (3D) data are easily collected in an unconscious way and are sensitive to lead biological characteristics exposure. Privacy and ownership have become important disputed issues for the 3D data application field. In this paper, we design a privacy-preserving computation system (SPPCS) for sensitive data protection, based on distributed storage, trusted execution environment (TEE) and blockchain technology. The SPPCS separates a storage and analysis calculation from consensus to build a hierarchical computation architecture. Based on a similarity computation of graph structures, the SPPCS finds data requirement matching lists to avoid invalid transactions. With TEE technology, the SPPCS implements a dual hybrid isolation model to restrict access to raw data and obscure the connections among transaction parties. To validate confidential performance, we implement a prototype of SPPCS with Ethereum and Intel Software Guard Extensions (SGX). The evaluation results derived from test datasets show that (1) the enhanced security and increased time consumption (490 ms in this paper) of multiple SGX nodes need to be balanced; (2) for a single SGX node to enhance data security and preserve privacy, an increased time consumption of about 260 ms is acceptable; (3) the transaction relationship cannot be inferred from records on-chain. The proposed SPPCS implements data privacy and security protection with high performance.

Semantic Disclosure Control: semantics meets data privacy

2018 ◽  
Vol 42 (3) ◽  
pp. 290-303 ◽  
Author(s):  
Montserrat Batet ◽  
David Sánchez
Keyword(s):  
Data Protection ◽  
Privacy Protection ◽  
Information Disclosure ◽  
Data Privacy ◽  
Personal Data ◽  
Current Data ◽  
Sensitive Data ◽  
Content Type ◽  
Disclosure Control ◽  
Statistical Approaches

Purpose To overcome the limitations of purely statistical approaches to data protection, the purpose of this paper is to propose Semantic Disclosure Control (SeDC): an inherently semantic privacy protection paradigm that, by relying on state of the art semantic technologies, rethinks privacy and data protection in terms of the meaning of the data. Design/methodology/approach The need for data protection mechanisms able to manage data from a semantic perspective is discussed and the limitations of statistical approaches are highlighted. Then, SeDC is presented by detailing how it can be enforced to detect and protect sensitive data. Findings So far, data privacy has been tackled from a statistical perspective; that is, available solutions focus just on the distribution of the data values. This contrasts with the semantic way by which humans understand and manage (sensitive) data. As a result, current solutions present limitations both in preventing disclosure risks and in preserving the semantics (utility) of the protected data. Practical implications SeDC captures more general, realistic and intuitive notions of privacy and information disclosure than purely statistical methods. As a result, it is better suited to protect heterogenous and unstructured data, which are the most common in current data release scenarios. Moreover, SeDC preserves the semantics of the protected data better than statistical approaches, which is crucial when using protected data for research. Social implications Individuals are increasingly aware of the privacy threats that the uncontrolled collection and exploitation of their personal data may produce. In this respect, SeDC offers an intuitive notion of privacy protection that users can easily understand. It also naturally captures the (non-quantitative) privacy notions stated in current legislations on personal data protection. Originality/value On the contrary to statistical approaches to data protection, SeDC assesses disclosure risks and enforces data protection from a semantic perspective. As a result, it offers more general, intuitive, robust and utility-preserving protection of data, regardless their type and structure.

scholarly journals An Innovative Mechanism of Blockchain Technology on Joint Governance Model

2021 ◽  
Author(s):  
Huawei Zhao ◽  
Ruzhi Xu
Keyword(s):  
Public Health ◽  
Data Sharing ◽  
Prevention And Control ◽  
Collaborative Governance ◽  
Current Data ◽  
Data Governance ◽  
Blockchain Technology ◽  
Governance Model ◽  
And Control ◽  
Security Incidents

Joint prevention and control is a social organization model dealing with the governance of public health and security incidents. The governance modelsshould have the features of multiple subjects co-governing and distributed cooperating. Their purposes are to solve and improve the governance efficiency of dealing with public health and security incidents at the executive level. However, there are still many deficiencies in the current data governance and collaborative governance of joint prevention and control systems, which are mainly reflected in incomplete data collection, unimpeded data sharing, inflexible collaborative cooperation, and inadequate collaborative supervision. Therefore, a new innovative governance model is urgently needed. Blockchain technology is suitable for implementing multi-party data sharing and cooperation, and at the same time, it supports penetrating supervision and management. This paper studies the blockchain model for joint governance of public health and security incidents. It focuses on the multi-agent collaborative prevention and control governance model, which provides a new opportunity for model innovation in data governance and in cooperative governance.

A Data Privacy Governance Model

2021 ◽  
pp. 304-326
Author(s):  
Margareth Stoll
Keyword(s):  
Corporate Governance ◽  
Data Protection ◽  
Data Privacy ◽  
Business Processes ◽  
Management Systems ◽  
Legal Compliance ◽  
Legal Requirements ◽  
General Data Protection Regulation ◽  
Governance Model ◽  
Information Security Governance

The importance of data privacy, information availability and integrity are increasingly recognized. The new EU general data protection regulation 679/2016 obligates stringent legal requirements with high sanctions for noncompliance. Most organizations worldwide are affected directly or indirectly. It requires overall a risk and evidence-based data privacy management as part of corporate governance. More than 1.6 million organizations worldwide are implementing a standard-based management system, such as ISO 9001 or others. To implement the new data protection regulation in an effective, efficient and sustainable way, the author provides design-oriented guidelines on how to integrate the legal requirements into standard based management systems. The holistic data privacy governance model integrates different information security governance frameworks with standard based management systems in order to comply the regulation. In that way data privacy is part of all strategic, tactical and operational business processes, promotes corporate governance, legal compliance and living data protection.

scholarly journals A Decentralized Data Privacy for Mobile Payment using Blockchain Technology

2020 ◽  
Vol 8 (6) ◽  
pp. 5260-5264
Keyword(s):  
Data Privacy ◽  
Mobile Payment ◽  
Manufacturing Companies ◽  
Sensitive Data ◽  
Public Network ◽  
Security Issues ◽  
Service Companies ◽  
Mobile Payments ◽  
Blockchain Technology ◽  
Number Of Customers

Mobile payments today have become the most preferred method of transaction for an increasing number of customers. To provide robust security mechanism for mobile payment in public network is challenging task for device manufacturing companies and network service companies. Most of the mobile payment apps make payment easy and fast, but users have to face new security challenges. Because users have to do payment transaction in an open network this makes users sensitive data put at risk, where advisories launch attack and theft of user’s identity information. Resent payment apps like Google-pay and phone-pay successfully address the security issues, but these apps might suffer from internal attacks, because data is centralized where apps should accept permission from bank server to do the transaction. In the proposed system we introduce a protected transaction pattern using blockchain technology which overcomes the limitation from the existing system. Our money transformed in the form of cryptocurrencies and it stored in the separate wallet. The particular wallet is installed in the mobile devices. Payment or transaction through two consumers lacking any prior permission. The proposed System uses decentralized data server to preserve data privacy from adversaries. While transaction we directly transfer through the blockchain wallet without any interference from the Bank. The proposed system proven to be secure and efficient for online payment transaction. It secured from cyber attackers or intruders hence data can be stored in separate blocks and its difficult to find out exact data. This overcomes the negative aspect of usual mobile payments.

A Layered Approach to Jurisdiction

2017 ◽  
Author(s):  
Dan Jerker B. Svantesson
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
General Data Protection Regulation ◽  
Legal Rules ◽  
Privacy Laws ◽  
Scope Of Application ◽  
General Data ◽  
Layered Approach ◽  
Substantive Law

This chapter observes how it may be inappropriate to apply a single jurisdictional threshold to diverse instruments such as data privacy laws. In the light of this observation, a proposal is outlined for a ‘layered approach’ under which the substantive law rules of such instruments are broken up into different layers, with different jurisdictional thresholds applied to each such layer. This layered approach is discussed primarily as a technique to be utilized in legal drafting, but it may also be applied in the interpretation and application of legal rules. Article 3 of the European Union’s General Data Protection Regulation, which determines that regulation’s scope of application in a territorial sense, provides a particularly useful lens through which to approach this topic and, thus, the discussion is largely centred around that Article.

Sign in / Sign up

Export Citation Format

Share Document