Story image

Using blockchain to ensure regulatory compliance

12 Dec 2018

Macro 4 has released a new version of its Columbus DW enterprise content management software that helps organisations to strengthen data protection and regulatory compliance. 

A new document redaction feature restricts access to sensitive personal information by automatically obscuring selected words or images on documents held in the Columbus DW system.

To support compliance with regulations governing document processing, Columbus DW integrates with the blockchain to provide an additional trusted record of events such as how, when and by whom documents have been accessed, updated or deleted.

Macro 4 director Jim Allum says, “Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it. Columbus DW 8.4 is designed to help you do exactly that.”

Also new in Columbus DW 8.4 comes support for cloud object storage. This feature enables organisations to reduce costs and increase storage flexibility by moving documents and other unstructured data into the cloud.

These enhancements will be followed in early 2019 by the introduction of a new Columbus mobile app that allows business users to work with documents securely on a smartphone or tablet.

Document redaction provides added protection for sensitive information

Columbus DW 8.4 enables organisations to prevent viewing of sensitive text or images using a variety of redaction methods which include the replacement of selected content with random characters, ‘X’s, black boxes, or blank space. The document itself can still be accessed for operational business use.

Redacted views can be applied to all users or to certain job roles or individuals.

“You can limit access to sensitive data to just those staff who actually need to view it as a legitimate part of their job, in line with the GDPR principle of data minimisation,” said Allum. 

“Does a call centre agent or accounts administrator really need to see information such as a person’s payment history or financial status when viewing bills or contracts, for example? If not then it’s best practice to redact it.”

A related capability is data anonymisation. This is a process by which ‘live’ production data can be altered to create anonymous document samples for application testing. All original text can be replaced with random, but similar, characters to produce realistic documents for thorough testing, without exposing any real business data.

Blockchain integration delivers trusted audit facility

Columbus DW 8.4 integrates with the Hyperledger blockchain framework to provide an additional auditing mechanism for legal and regulatory compliance, as Allum explained:

Allum continues, “One of the core requirements of a legal archive is the ability to capture all the events happening around the documents you’re holding and to validate those events with the same level of integrity and security as the document itself.

“For example, if customers exercise their ‘right to be forgotten’ under the GDPR you need a reliable record of the fact that you’ve deleted their data. Columbus DW gives you absolute proof that what should happen has actually happened by recording it on the blockchain.”

Columbus DW 8.3 introduced the capability to record document-related events using the same tamper-evident hashing mechanism as the blockchain, with the option to trigger business processes or email notifications when events occur. 

Columbus DW 8.4 builds on this functionality by enabling the same record to be committed to the blockchain to independently verify that the information has not been tampered with.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.