Verifiable credentials, data privacy, Web3, oh my! This corner of technology may seem complex, but it’s only becoming more important for businesses to be well-versed in the area.
To remove some of the mystifying fog around the concept, we chatted with Dan Giurescu, Founder of Credivera. Dig into Dan’s mini web3 tutorial below to learn:
- What is blockchain technology and how does it work?
- What is blockchain used for?
- What is web 3.0 technology?
- The current state of digital identity in Canada.
- Employers’ responsibilities in the future of work.
- How blockchain technology helps employers manage people’s information.
WHAT IS BLOCKCHAIN?
Blockchain is a software that tracks information by creating an online repository of WHO owns WHAT data and WHEN.
It’s driven by a set of engagement rules (AKA: smart contracts) that are pre-defined when the blockchain frameworks are created and the technology is employed. The rule-based engagement is important as it pertains to who owns what information, what information is being passed to whom, when that information will be available, and for how long.
Remember: Blockchain is NOT cryptocurrency. Think of blockchain as a base technology, and cryptocurrency is an app built on top of that technology.
Blockchain is changing the way we do business and creating new business models. Critical in business interactions, it creates a new level of trust between vendors, partners, customers, the government, banks, and interdepartmentally.
There are two types of blockchain: private and public.
A private blockchain network has the following properties:
- Shared data.
- Controlled access and permissions.
You’ve been invited to this and provided access to info that is controlled by the person or business that invited you—it’s a permissioned blockchain. We all know each other because it’s a private and trusted environment.
95% of business that have deployed blockchain technology have deployed private.
In a public blockchain network, everyone has the same role, permissions, and controls.
Anyone can sign up to a public blockchain and this is where the exchange of cryptocurrencies and other methods of transacting information happen.
The only thing private in a public blockchain is who you are as an individual.
The foundations for blockchain were built. The term “append only” refers to the ability to manage and control data—you can go in and append to the data site but can never delete what has been published.
The first blockchain component came to life. The purpose of it was to create a new method of managing digital currencies and allow individuals to own their digital currency without it being subject to the fluctuations of the global economy.
There were an estimated 2000+ cryptocurrencies created to ensure individuals had access to methods in which they could exchange value with each other.
Was a big year as it was when private blockchain was created and businesses began to adopt the concept on a larger scale. 90% of companies that deployed a private blockchain used Hyperledger.
WHY IS THIS IMPORTANT FOR THE EVOLUTION OF DATA STORAGE?
An example of a centralised environment would be the old data centers with one plug that could take down the whole center.
As the world started to use the world wide web more and taking advantage of the ability to securely share information, it moved toward a decentralised environment—a data environment with many points of failure and many ways to control them. By managing this environment, data could be backed up somewhere else if something failed quickly. We still predominantly live in this decentralised environment.
The latest blockchain and 5G networks have moved us into what’s called distributed storage/means of communications. This allows us to have no single points of failure. The way the data is encrypted, shattered, and put back together deters hackers as they would have to hack all points simultaneously, decrypt the data, change the data, put it back together and then disperse it back into all the original spots without being traced. This is incredibly hard to do when you have an unlimited amount of distributed points data can be stored against.
All of those led to the following key features of today’s blockchain:
- VISIBILITY: Common database accessible to all.
- SECURITY: Permissions and access rights are given to users, making it more powerful than a traditional database model.
- TRANSPARENCY & ACCOUNTABILITY: Business processes and contracts exchanged between us all is only possible with this kind of technology.
KEY ELEMENTS/ECOSYSTEM OF A BLOCKCHAIN SOLUTION:
If you are looking to implement and deploy blockchain technology into your business environment, there are 5 key areas you should focus on to understand if blockchain is a fit:
- BUSINESS PROCESS: Does it make sense to replace your business process with methods of accountability, transparency, and trust?
- NETWORK OF USERS: Who are they? They can be individuals in the organization, outside the organization, supply chains, partners, etc. that have access to information (business processes, etc.).
- ACCESS: Make sure you know access points are managed and controlled with ‘actors’ and ‘actions’ to ensure the individuals involved have been given the right permissions to complete their tasks. Record this information in a ledger and be sure that ledger is always audible so you can have the highest level or assurance.
- OUTSIDE SYSTEMS: What systems does your blockchain have to interact with? For example: API calls between technologies to ensure the data transfer happens securely.
- FIT FOR PURPOSE PLATFORM: There are many flavors to the world of blockchain, so it’s important to pay attention to the ecosystem. Work with someone who understands the environment and can help you find the right platform that will work with both your current business and where you want your business to go.
GLOBAL DRIVERS FOR BLOCKCHAIN TECHNOLOGY, THE DEMAND FOR DIGITAL IDENTITY, & STANDARDS FOR SHARING PRIVATE INFORMATION
1. NATURE OF WORK
- Remote workforces are increasing.
- Up-skilling with micro-credentials (continual learning for staff) vs. just a degree.
- The cost to verify workforce identity and avoid identity scams.
2. PERSONAL PRIVACY LAWS
- Canada: Bill C-11/27, Consumer Privacy Protection Act, and the Digital Charter Implementation Act.
- Europe: New mandatory EU digital identity and GDPR.
- California: California consumer privacy act.
3. SELF SOVEREIGNTY:
- According to Javelin Strategy & Research’s 2021 Identity Fraud Study, the cost of identity fraud scams to Americans in 2020 was $43 billion, and the year before it was only $19 billion.
- The movement towards control of personal information.
- Employees demand reduced hiring bias. It’s important for organizations to empower individuals to own their identity, know that they are welcome, and ensure they leave with information that will support them in their career.
CANADIAN DRIVERS FOR BLOCKCHAIN TECHNOLOGY
Penalty for non-compliant organizations: up to 3% of global revenue or $10 million. It’s important to look further into these so you and your business can be prepared.
New Obligations From the Consumer Privacy Protection Act:
- Private sectors must implement a privacy management program
- Plain-language explanations and obtaining valid consent
- Data portability for individuals
- Transparency requirements for automated, decision-making systems such as artificial intelligence
- Rules governing the de-identification of personal information
VERIFIED DIGITAL CREDENTIAL
Verified Credentials are a trusted digital record of a qualification, certification, or achievement. Below is the timeline of the changes in the storage of these certifications:
- Paper certificates
- Digital records (PDFs are a 30+ year old technology)
- The challenge here is that there is no mechanism for a badge to be revoked, so it has no statute of limitation. This means that people who share a last name can steal each other’s badges and post online. There is no unique personal identifier
- Verified/verifiable digital credentials (VC), courtesy of blockchain technology
Employers, associations, and regulatory bodies face challenges in verifying the skills and identity of their constituents.
- Large internet conglomerates (w3c) are rolling out technology standards in support of emerging identity laws.
- Web3 is giving control to the consumer when sharing private information (when/what to share and revoke).
- SSI: real-time verification of identity and tamper-free recording of where information was used.
- Decentralized regulatory control: shifting control into the hands of consumer while reducing overshare (ie: selective disclosure vs. full record disclosure).
CREATING NEW CHOICES FOR EDUCATION, EMPLOYMENT, AND OWNING WHAT YOU KNOW
New models of education are emerging on Web3 technology, supported by Verifiable Credentials. Individuals can gather skills from a variety of sources and validate that knowledge in their own digital wallet. Think of it as a life-long portfolio of micro education credentials.
New models of employment are emerging on Web3 technology, giving people a greater level of comfort surrounding their identity:
- A tamper-free and portable Verifiable Credential of one’s background, education, or employment is verifiable by the employer in real time.
- Employees gain convenience and the ability to own what they know and who are they.
- People gain control over who can see their information.
NEXT STEPS FOR YOU AND YOUR BUSINESS
As a business owner, it’s important for you to think about the following elements and understand the technology and rules of Canadian Regulatory Compliance for Data Privacy:
- AFFIRM a commitment to consumer data privacy with employees. Let them know you are aware of their privacy rights and are taking the steps to be compliant.
- ORGANIZE a team to review the current state of the company’s consumer data collection practices and privacy measures.
- IDENTIFY where measures are falling short of current statutory requirements and what improvements can be made to enhance consumer data privacy and reduce the risks of data privacy breaches. Most of the time, these breaches are human induced—the biggest risk are internal people who fall for phishing and spamming attacks, which allows people to penetrate your system and get behind firewalls. Organizations are moving toward a “zero trust” security strategy.
- DEVELOP A PLAN to rectify anything non-compliant with current statutory requirements.
- IMPLEMENT rectification and improvement plans so you are prepared to pivot when new requirements are put forth.
- PREPARE CURRENT PROCEDURES for additional changes by regularly monitoring and periodically revising consumer data collection practices and privacy measures.
Thank you, Dan, for enlightening us on the world of blockchain development.
HUNGRY FOR MORE WEB3 INSIGHTS?
Watch Dan’s full presentation on our Deeper Insights Webinar below.