privacy-by-design

Blockchain and privacy-by-design: a holistic approach to cybersecurity for the financial sector

SOTER takes a holistic approach for improved cybersecurity defence in the financial sector, developing a biometric-based authentication and identification Digital Onboarding Platform (DOP), coupled with a sector-specific education and awareness training programme that addresses human factor-based aspects of organisational and operational cybersecurity.

The goal is a suite of cybersecurity tools that, combined, enhance organisational information security and increase individual cybersecurity awareness and skill levels of employees.

The consortium brings together technologists and researchers, including partners with strong competencies in Social Science and Humanities disciplines and Responsible Research and Innovation, who provide expertise and support to the consortium on matters concerning research ethics, data management, ethnographic research methodologies, cybersecurity pedagogy, as well as providing considerable expertise to designated Data Protection Impact Assessment (DPIA), System Risk Assessment (SRA), and Privacy Impact Assessment (PIA+).

Security and Privacy by design 

The SOTER Digital Onboarding Platform proposes using blockchain to leverage constructs such as data interoperability, accessibility and immutability within the digital identity and authentication process, using cutting-edge cryptographic schemes and mechanisms to assure information security and verifiability.

One of the more interesting and unique aspects of the SOTER research is found within the proposed development of the digital onboarding platform and its System Risk Assessment – a necessity for Information Technology infrastructure deployed within critical sectors, as per the NIS Directive.

This task includes a commitment and adherence to Security-by-Design methodology, which seeks to ensure that the architecture, design and deployment of the platform meets crucial security standards.

Furthermore, one of the primary aims of the project is to ensure that ethics, privacy, and data protection concerns are considered all along the development path, taking centre stage in this novel H2020 Responsible Research and Innovation (RRI) initiative.

For this purpose, SOTER is also carrying out a Privacy Impact Assessment (PIA+) task, which includes a commitment to both Privacy-by-Design and Data Protection by Design and Default methodologies.

The PIA+ informs the technical development of both data protection and privacy risks, while also providing recommendations for their mitigation.

The SOTER Digital Onboarding Platform development also faces a number of compliance considerations, concerning regulatory frameworks such as the GDPR, PSD2, and 5AMLD. The project also faces standardisation and interoperability hurdles, especially those related to digital identity management systems and protocols such as eIDAS, SSI, as found contained within technology initiatives such as the European Blockchain Services Infrastructure (EBSI).

With its privacy-by-design and security-by-design approach, the SOTER Digital Onboarding Platform has the potential to be an incredibly powerful tool in efforts to further protect data subjects; increasing resilience in the financial services sector.

For more information about SOTER visit the project website and follow us on Twitter and LinkedIn.

Author: Robin Renwick, Trilateral Research