<aside>
💡 Problem statement: Enterprises love compliances… We love blockchains… Can we make Blockchains compliant?
</aside>
What are the compliances that enterprises love?
- PCI DSS (Looks like an easy solution: can we innovate?)
  - Started by the credit card mafia (all the famous card companies)
  - The de facto rules for storing card data
- PII (Personally Identifiable Information) - Our main hurdle!!! (and cash cow… needs disruption)
  - Any data that can be used to identify a specific person
  - Best solution: don't store personal data - Too utopian
  - Worst solution: mass surveillance - Too Orwellian
  - Middle ground: a hardworking blockchain with additional components - That's where we capture the market
- PHI (Protected Health Information)
  - High risk, high reward
  - Good solution: blockchain
  - Better solution: private blockchain
  - Best solution: Kalptantra - You get other components to safeguard all the compliances
- HIPAA: this is an act
  - To ensure an org follows it, they must do the following:
    - Ensure the confidentiality, integrity, and availability of all e-PHI data
    - Detect and safeguard against anticipated threats to the security of the information
    - Protect against anticipated impermissible uses or disclosures that are not allowed by the rule
    - Certify compliance by their workforce
  - The following types of individuals and organisations are subject to the Privacy Rule:
    - Healthcare providers
    - Health care plans
    - Clearinghouses
    - Business associates who do
      - billing
      - data analysis, etc.
- GDPR
  - This is European but a gold standard for all: very difficult to achieve, especially for a public blockchain
  - TL;DR: explained later
  - If we cover this, we cover almost all PII-related compliances
- COPPA (P.S. it's an act to protect children)
  - We are going to put schools on chain, and we are a US company, so COPPA (which is a US law) must be followed; otherwise we'll pay huge fines
  - Biggest risk: pedophiles
  - Gist: data shouldn't help anyone track any child
  - Good solution: don't take PII data of children
The verdict:
<aside>
💡 These things are difficult to achieve on public chains.
KALPTANTRA is the answer
</aside>
The solution:
<aside>
💡 More than one ring to rule them all…
Make modules around KALP to facilitate different compliances, as one solution would be too strict for all
</aside>
When is data processing allowed?
- The user has given consent for one or more specific purposes.