Hi, it's Trent here, CTO of BigchainDB. That's a great question. It's surprising how few people are aware of the current German data protection laws (where we're based) and the upcoming EU data protection laws aka GDPR. There are a few ways to address the issue:

1. Don't store any PII on the database, rather only use it to link to data that's stored on-premise in many places. The database has permissioning, and therefore acts as (decentralized) access control logic. Have a TOS with proper legal teeth so that if a database user does store PII on the database, they are liable in the real world.
2. Run an instance of BigchainDB within a region, e.g. within Germany, and comply with the appropriate laws there. Let PII be on the database. But, each node must follow data protection guidelines, similar to how a single centralized entity would, but now do it for each node.
3. Force encryption of all PII, and pray.

(3) is really a non-option. I stated it because many people are saying "just encrypt". But the problem is quantum computing. In 5-15 years quantum computing will be sufficiently easy to access that any encrypted data that's publicly available can be decrypted. You might say "well let's migrate to quantum-tolerant crypto before then" but that doesn't stop a malicious actor from copying encrypted PII now. You might say "let's use quantum tolerant crypto now" but we've seen with most crypto algorithms that it takes years to harden them. Would you trust your PII with untested crypto algorithms? I wouldn't.

In short: putting encrypted PII on public nets is a bad idea. Please, please don't do it.

Also, are you suggesting that no sensitive data should ever be stored in a BigchainDB, or did I misinterpret #3?