The purpose of privacy policies is to protect individuals and their sensitive data. At the same time, individual data collection can benefit society. A valid example of this is medical research.
According to the USA National Institutes of Health, collecting individual health data helps with general medical improvements, including:
• Reducing the time to discover and develop new cures and treatment options
• Lowering rates of disease incidence
• Decreasing mortality rates in people with disease
• Reducing the economic burden of disease by reducing hospitalization and other costs
• Decreasing levels of disability
• Improving quality of life by reducing pain and suffering
• Sustaining support for university research, education, and tomorrow’s leading scientists
Last year registered the steady growth of the privacy industry as well as cyber attacks and data breaches. Data breaches can result in the loss of billions of private records and significant economic damages. A data breach occurs when private digital information is intentionally and unlawfully released to an untrusted environment.
According to the 2016 Verizon Data Breach Investigations Report, "95% of breaches, and 86% of incidents are covered by just nine patterns:
- Miscellaneous errors - 17.7%
- Insider and privilege misuse - 16.3%
- Physical theft and loss - 15.1%
- Denial of service - 15%
- Crimeware - 12.4%
- Web app attacks - 8.3%
- Point-of-sale intrusions - 0.8%
- Cyber-espionage - 0.4%
- Payment card skimmers - 0.2%
(Others - 13,8%)
Although we often hear about computer intrusions and data breaches, people seem increasingly desensitized towards this topic as well as little aware of behaviors to be implemented to reduce risks.
During 2018, data breaches have not spared any economic sector: Macy's and Bloomingdale's, who have not disclosed the extent of the stolen data, and together with Dixons Carphone, are some of the most renowned retailers who have reported the theft of personal information of their users. Dixons Carphone has reported the subtraction of data of about 10 million people and 5.9 million credit cards.
Intrusions hit technology companies too, such as the social network Reddit and the mobile app Timeshop. Hackers managed to steal users data both from Reddit, who did not disclose the extent, and Timeshop, where 21 million users were affected.
There have been numerous breaches and data subtractions in the health and medical sector too. SingHealth, Singapore's health database, reported the theft of 1.5 million patients sensitive data, including that of the prime minister. The Hong Kong Department of Health suffered a ransomware attack that led to inaccessibility of their systems for two weeks. Hacking started from three computers and spread to all of the department’s Infection Control Branch. According to a department spokeswoman: “Files stored on the computers were encrypted by ransomware, and an email address to contact for a decryption key was left behind, but no ransom was demanded”.
One of the most striking attacks was launched against MyFitnessPal, leading to the theft of 150 million users personal data: hackers took usernames, email addresses, and hashed passwords.
Personal data theft can lead to many consequences. Cyber criminals can use stolen credit cards data to make purchases, sensitive financial information can be used to organize scams, names and email addresses obtained can enable phishing campaigns.
As attested by many studies, the theft of sensitive health data may result in the public display of personal information related to the physical and mental health of people, with consequences that can range from affecting a person’s dignity, to discrimination in the social and working spheres. This data could also be sold to companies performing unauthorized research or to insurance companies, without excluding the possibility that they may be used for blackmail or extortion against people whose data has been exposed.
As a reaction to the cyber attack increasement, governments are more and more committed to legislate in favor of protecting personal privacy. The European Union General Data Protection Regulation (GDPR) is one of the worlds strongest regulation for the protection of people with regards to the processing of personal data, and on the free movement of such data. Meanwhile, the privacy industry is busy developing new data storage protection solutions. Quoting CISCO, “Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks”.
“The continuingly increasing number of targeted attacks is driving the growth in cybersecurity services as major governments, such as the US government, and venture capital firms have continued to invest money into cybersecurity companies. In addition to the high projected growth rates by various industry research firms and analysts, IoT security, cloud security, and increasing cybercrime costs are going to continue to drive the spending in this industry moving forward”
According to Forbes, the cybersecurity market is expected to reach $170 Billion USD by 2020.
Some of the most innovative development paths involve the recording of personal data on blockchain. Blockchains can be viewed as a specific kind of distributed database in which data is stored in an encrypted form and remain under the exclusive control of their owners. The blockchain allows to plan access, reading and immutable recording of data. Immutability features could seem to conflict with GDPR rules but there are several methods to develop GDPR compliant blockchains.
Nowadays many companies are building privacy and security blockchain based ecosystems in many economic sectors. In most cases those blockchains are developed as private, where participants have to be invited and verified by the network owner, or permissioned, whose participants can be given specific permissions with different levels of access to different parts on the network.
healthbank, a Swiss cooperative company with more than 250.000 registered users, is an innovative blockchain solution for the health sector and data privacy.
healthbank has developed a GDPR compliant medical platform with health and medical data uploaded by the user. healthbank users maintain complete control and access to their health and medical data and are allowed to decide on a case-by-case basis with whom to share with, including doctors, hospitals and research institutes.
In this end-to-end encryption solution, data is recorded and encrypted with a combination of public and private keys, making it completely secure and accessible only by the user.
The importance of combining privacy and blockchain in compliance with current regulations is proven by the interest and efforts made in this direction by corporations such as IBM, Deloitte, Accenture, Amazon, Microsoft.
The right to respect for one's private and family life, their home and correspondence is a fundamental right of the individual under the Charter of Fundamental Rights of the European Union and in the Universal Declaration of Human Rights.
Despite this, many companies aren’t doing enough to respect the rights of their users and stakeholders, exposing them to increasingly insidious risks.
The implementation of sensitive data on blockchain is certainly a choice that will revolutionize the security of personal data and will give individuals the opportunity to maintain their exclusive control.