The release of the Blinding Identity Taxonomy (BIT) Initiative on September 9th has the aim of providing needed common standards to help protect the privacy of personally identifiable information (PII) about people, organizations, or things. BIT classifies 46 different PII elements (see the list below) which require cryptographically encoding to prevent the identification of individuals and any information associated with them. Some of these elements can directly identify individuals, such as a name, physical address or bank account details, and some of them can do so indirectly, such as a photo, IP address or cookie browser identifier.
While this initiative addresses some of the fundamental demands of the EU's new GDPR regulation on the storage of data, we believe the BIT initiative is relevant to all companies and not merely those which store data about EU citizens. This is why Dativa is supporting the community efforts in both Hyperledger Indy and here at Kantara. Barely a week goes by without some new story appearing about a data breach after some criminals have hacked into a database and extracted PII data which they can then use in ways which negatively impact on those about whom the company has stored data. With BIT in place, the now encrypted data which the thieves have, will contain none of the valuable PII data the hackers are desperate to obtain. Not all data require encryption, and BIT identifies which data require a cryptographic process and which do not. While any data breach is serious, if customers lose out, not only will they require compensation, they are also much less likely ever to trust the company or purchase its products or services again.
The essence of the BIT initiative is in the 46 elements, which require encryption when they are stored in databases, regardless of whether these are on the cloud, in local servers or anywhere else.
[Adapted from this page on Dativa https://www.dativa.com/blinding-identity-taxonomy/ whose support of the Kantara mission is gratefully acknowledged].