Data breaches never cease to grab headlines these days. In fact, we hear of them so often that the destruction they leave behind may not even make many of us flinch anymore. As long as the data is somebody else’s, people might just choose to look the other way. But with more and more data breaches, the odds that somebody can continue to avoid the perils of data storage become ever more remote. The truth is, data breaches are a technological danger that the entire modern world faces, and the problem is only getting worse. State and federal lawmakers continue their attempts to address the vociferous claims of breach victims but struggle to keep up with the tactics of hackers. Suffice to say, the consequences of these breaches are becoming increasingly severe.
Additionally, data breach victims’ information is varied and comes from all areas of life: there is patient data from hospitals and medical facilities; credit card and bank account holders’ financial information; trade secrets; cellphone data; even identifying information and private messages of those cheating on their spouse. Okay, maybe the last one isn’t the worst, but it accentuates the point: nobody is safe.
Some of the biggest problems with these breaches are the fundamental mechanisms by which the data is stored. For example, in many data breaches, the data is stored in a centralized location, perhaps on a third party’s servers or a local drive. There are plenty of problems with centralized data storage, chief among them being that the labor and time necessary to collect the data for its unlawful removal during a breach is significantly reduced, since all the data is located in a specific and susceptible place. Comparatively speaking, it used to be harder for criminals to steal information. For example, they may have had to break into a business’ central location and drag the filing cabinets into the back of their pickup truck. And if not hard, there was at least much less incentive, given the lack of stealth and the potential noise involved in maneuvering a metal filing cabinet out of a business’s window or back door in the middle of the night, or trying to sneak away boxes upon boxes upon crates of a client’s private information.
It is only natural to centralize important data and documents. The filing cabinet example illustrates that we have been doing it for years. It’s just easier. No business wants to have to pull together pieces of a file located in five different storage locations across town or across the country. We all want to walk to the shelf and see the entire file there. With computer hard drive storage and even early cloud storage, this workplace tendency has generally remained intact. But computer and cloud storage also introduced the methods criminals use today to quite invisibly steal the data without anybody at your business knowing until it’s too late (or maybe never knowing at all). Perhaps it’s time for a decentralized approach.
The potential benefits of a decentralized means of storage cannot be underestimated. If the data is accessible by anybody on a network but encrypted and scattered across the network, it is not so easily the target of thieves. In this vein, the system is essentially taking the files in the filing cabinet and shooting the information on the pages inside it across the globe in every direction, simultaneously hiding the correct information behind code only decryptable by those on the network.
In many regards, this is what blockchain attempts to accomplish. Blockchain, a technology largely still in its infancy, has the potential to bring traditional data breach hackers to their knees. This could be great news for businesses, especially considering that blockchain also aims to make data storage cheaper, more consistent and more available. Some skeptics have become wary, associating blockchain with Bitcoin and the economic turmoil that has come with cryptocurrencies of late. However, while blockchain is indeed the technology underpinning cryptocurrencies such as Bitcoin, it has a bright future in data storage, accuracy and management, largely independent from Bitcoin’s market issues. While there are nuances and caveats to any new technology, the potential here is great for the following reasons:
- Blockchain consists of technological “blocks” containing data or information, which are then essentially added on top of each other into a “chain.” The collective chain has unique properties, one of which is that the information on the chain is permanent and time-stamped. It is immutable, which is imperative to data storage.
- The blockchain network is composed of “nodes” that, in simple terms, act to validate the data through one of several consensus protocols that incentivize proving that the data is, among other things, nonmalicious. To add to the chain, the data typically must be accepted by a certain percentage of the network, thereby thwarting traditional breach attempts by rogue hackers.
- Blockchain technology also allows for the possibility of “smart contracts,” which are coded contracts that self-execute when the system recognizes that a predetermined set of criteria are met, which could be immensely useful to companies in the business of data transfer (such as banks, medical institutions, real estate firms, insurance companies and the like). A hacker attempting a data hack would, theoretically, be overruled by the consensus protocol, and the contract would not trigger.
Of course, decentralized platforms come with their own issues. Any blockchain or crypto enthusiast probably knows about the various types of attacks that can occur on decentralized networks in certain situations. There is also the issue of the scalability trilemma: that blockchain aims to render solutions for security, decentralization and scalability, but can only truly possess any two of the three properties at one time. With time will surely come solutions or alternatives to the original platforms with these types of problems, as blockchain has been resilient in its methods for resolving issues in the past.
Ultimately, when considering enterprise shifts in data protection, any modern business would be smart to consider the growing decentralized options for storage available to it, including blockchain-based options. There may be no greater data privacy tip in the present day than to educate your employees, and/or IT department and legal departments, on the advent and enterprise opportunities found in decentralized data storage platforms. Your company will surely be grateful for this in the future. Data protection is the gift that keeps on giving; whether that gift is for the data owners or the data hackers is a story still being written.
Chris C. Schwarz is an associate attorney at ADLI Law Group who focuses his practice on corporate, business transactions and civil litigation.