Using blockchain to ensure regulatory compliance
Macro 4 has released a new version of its Columbus DW enterprise content management software that helps organisations to strengthen data protection and regulatory compliance.
A new document redaction feature restricts access to sensitive personal information by automatically obscuring selected words or images on documents held in the Columbus DW system.
To support compliance with regulations governing document processing, Columbus DW integrates with the blockchain to provide an additional trusted record of events such as how, when and by whom documents have been accessed, updated or deleted.
Macro 4 director Jim Allum says, "Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you've done it. Columbus DW 8.4 is designed to help you do exactly that.
Also new in Columbus DW 8.4 comes support for cloud object storage. This feature enables organisations to reduce costs and increase storage flexibility by moving documents and other unstructured data into the cloud.
These enhancements will be followed in early 2019 by the introduction of a new Columbus mobile app that allows business users to work with documents securely on a smartphone or tablet.
Document redaction provides added protection for sensitive information
Columbus DW 8.4 enables organisations to prevent viewing of sensitive text or images using a variety of redaction methods which include the replacement of selected content with random characters, 'X's, black boxes, or blank space. The document itself can still be accessed for operational business use.
Redacted views can be applied to all users or to certain job roles or individuals.
"You can limit access to sensitive data to just those staff who actually need to view it as a legitimate part of their job, in line with the GDPR principle of data minimisation," said Allum.
"Does a call centre agent or accounts administrator really need to see information such as a person's payment history or financial status when viewing bills or contracts, for example? If not then it's best practice to redact it.
A related capability is data anonymisation. This is a process by which 'live' production data can be altered to create anonymous document samples for application testing. All original text can be replaced with random, but similar, characters to produce realistic documents for thorough testing, without exposing any real business data.
Blockchain integration delivers trusted audit facility
Columbus DW 8.4 integrates with the Hyperledger blockchain framework to provide an additional auditing mechanism for legal and regulatory compliance, as Allum explained:
Allum continues, "One of the core requirements of a legal archive is the ability to capture all the events happening around the documents you're holding and to validate those events with the same level of integrity and security as the document itself.
"For example, if customers exercise their 'right to be forgotten' under the GDPR you need a reliable record of the fact that you've deleted their data. Columbus DW gives you absolute proof that what should happen has actually happened by recording it on the blockchain.
Columbus DW 8.3 introduced the capability to record document-related events using the same tamper-evident hashing mechanism as the blockchain, with the option to trigger business processes or email notifications when events occur.
Columbus DW 8.4 builds on this functionality by enabling the same record to be committed to the blockchain to independently verify that the information has not been tampered with.