Beyond the cryptocurrency craze, which has to some extent created negative overtones around blockchain, the technology is proving to be one of the most significant and disruptive innovations of the digital age. A Juniper Research study last year reported that six in 10 large corporations are considering, or are in the process of deploying, blockchain technology, and the hype since that study has continued to increase. Juniper also reported that among corporations that had reached proof of concept for blockchain implementations, 66 percent expected their projects to be fully integrated by the end of 2018.
First developed to disrupt financial markets, blockchain is a distributed peer-to-peer digital ledger, in which transactions are recorded chronologically and publicly. It provides a way to account for and openly track transactions between parties. And because it is de-centralized and designed for versatility, blockchain in and of itself is typically secure and difficult to compromise or hack. But it is far from bulletproof. The explosive growth of this technology has made it a prime target for malicious actors looking to exploit it for gain, and researchers have found that it is indeed vulnerable to theft, network attacks, mining attacks, and fraudulent use.
As an increasing number of enterprises look to adopt blockchain for applications spanning parts and supply tracking, data storage, cybersecurity, device verification, enabling secure communications, and more, in-house legal teams must prepare for the data governance and compliance implications of its use. The primary concern from an information governance (IG) perspective is that blockchain technology will inherently create an explosion in corporate data with no retention schedule. According to Gartner, its use by various lines of business will lead to a breakdown of governance processes, creating a crisis for leaders responsible for these functions and forcing organizations to adapt their IG programs accordingly.
Adjusting policies and procedures does not happen overnight, and counsel should look to get ahead of impending blockchain implementations. The first step is to initiate conversations with the various teams that are considering blockchain tools or are entering into proof-of-concept stages of a deployment. During those conversations, and as new interest in blockchain arises, counsel should be asking the following questions:
1. What information is stored on or passed via the blockchain? First and foremost, counsel needs to understand if the blockchain processes and publishes any elements that would be considered high-value or sensitive data assets. Inevitably blockchain will increase data volumes, which should be evaluated.
2. Does the application provide a way to uniquely identify and collapse each block? This functionality will be critical for incorporating the blockchain into the organization’s ongoing, routine data disposal program.
3. What privacy protocols are in place around the blockchain? By nature, a blockchain ledger is public. But to align blockchain use with data security and privacy best practices, the blocks will need to be made private. However, this reduces the attractiveness of the technology, as it may impede some of the technology’s efficiency and innovation. Most trust its security because of the public nature of the blockchain.
4. What are the security vulnerabilities? While blockchain enables a strong security posture, there have been numerous hacks and attacks on blockchain networks in the cryptocurrency landscape, proving that it is not immune to breach.
5. What are the implications for the General Data Protection Regulation (GDPR) and other data privacy regulations? For organizations operating globally, compliance with jurisdictions that have strict data protection laws could certainly be affected by blockchain use. For example, under GDPR, how and where the data of EU Citizens is transferred and processed on the blockchain could come into question.
In “Adapt Your Information Governance for the Rise of Blockchains,” Gartner analysts Saul Judah and Nick Heudecker stress that “it’s essential [to] ensure [the] information governance framework can respond to the consequences of deployment of blockchain-based infrastructure in business operations.” Indeed, blockchain use will offer many operational efficiencies, but the significant challenges it introduces for data management and data privacy cannot be overlooked. Issues of trust also arise in both public and private blockchain networks. This new space has a long way to go to reach maturity. But counsel who begin thinking about it today will be in a much better position to build sustainable programs around blockchain data. And counsel can potentially even learn ways to leverage the technology for IG applications that can strengthen compliance and governance efforts.