Story image

Using blockchain to ensure regulatory compliance

12 Dec 18

Macro 4 has released a new version of its Columbus DW enterprise content management software that helps organisations to strengthen data protection and regulatory compliance. 

A new document redaction feature restricts access to sensitive personal information by automatically obscuring selected words or images on documents held in the Columbus DW system.

To support compliance with regulations governing document processing, Columbus DW integrates with the blockchain to provide an additional trusted record of events such as how, when and by whom documents have been accessed, updated or deleted.

Macro 4 director Jim Allum says, “Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it. Columbus DW 8.4 is designed to help you do exactly that.”

Also new in Columbus DW 8.4 comes support for cloud object storage. This feature enables organisations to reduce costs and increase storage flexibility by moving documents and other unstructured data into the cloud.

These enhancements will be followed in early 2019 by the introduction of a new Columbus mobile app that allows business users to work with documents securely on a smartphone or tablet.

Document redaction provides added protection for sensitive information

Columbus DW 8.4 enables organisations to prevent viewing of sensitive text or images using a variety of redaction methods which include the replacement of selected content with random characters, ‘X’s, black boxes, or blank space. The document itself can still be accessed for operational business use.

Redacted views can be applied to all users or to certain job roles or individuals.

“You can limit access to sensitive data to just those staff who actually need to view it as a legitimate part of their job, in line with the GDPR principle of data minimisation,” said Allum. 

“Does a call centre agent or accounts administrator really need to see information such as a person’s payment history or financial status when viewing bills or contracts, for example? If not then it’s best practice to redact it.”

A related capability is data anonymisation. This is a process by which ‘live’ production data can be altered to create anonymous document samples for application testing. All original text can be replaced with random, but similar, characters to produce realistic documents for thorough testing, without exposing any real business data.

Blockchain integration delivers trusted audit facility

Columbus DW 8.4 integrates with the Hyperledger blockchain framework to provide an additional auditing mechanism for legal and regulatory compliance, as Allum explained:

Allum continues, “One of the core requirements of a legal archive is the ability to capture all the events happening around the documents you’re holding and to validate those events with the same level of integrity and security as the document itself.

“For example, if customers exercise their ‘right to be forgotten’ under the GDPR you need a reliable record of the fact that you’ve deleted their data. Columbus DW gives you absolute proof that what should happen has actually happened by recording it on the blockchain.”

Columbus DW 8.3 introduced the capability to record document-related events using the same tamper-evident hashing mechanism as the blockchain, with the option to trigger business processes or email notifications when events occur. 

Columbus DW 8.4 builds on this functionality by enabling the same record to be committed to the blockchain to independently verify that the information has not been tampered with.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.