PrivacyChain
A platform for personalized privacy information sharing.
PrivacyChain is a privacy-preserving distributed solution that collects self-reported personally identifiable information, anonymizes sensitive information according to user-defined privacy controls, ensures transparency in the use of information by informing users of access requests, and guarantees trust in data sharing between secured parties. The solution administers a user-friendly and interactive self-report form delivered on the web, a smartphone application, USSD and IVR, with translation support for local languages for low-literacy populations as well as an offline mode for limited internet connectivity. Its backend architecture is built on blockchain to provide trusted data transactions between data owners and data users while ensuring transparency and integrity. Using blockchain, the data owner has full control of their personal information and can release complete, partial or sanitized data to data requestors.
A unique digital identity (personal code) is generated for each data owner and can be printed as a barcode or a QR code. This code is the primary identifier that is used to extract sanitized information about an individual when requested on the blockchain network by a data agent. Importantly, the solution enables the linkage with existing verifiable numbers such as driver licence, passport and health insurance numbers so that data requestors can cross-check and validate the identity of a data owner.
Given that technology can discriminate in its accessibility to people with low literacy, reduced mobility or reduced access to the internet, PrivacyChain addresses these challenges by delivering localized voice-recorded surveys that allow voice responses, and guided numeric-input submissions. Additionally, PrivacyChain provides an assisted-forms module that gives data agents permission to assist data owners in collecting personal information, which is expected to be relevant for people with reduced mobility, low digital literacy or less access to technology. This add-on module promotes increased accessibility for all.
Concerning the privacy guarantee, the solution employs data anonymization techniques that remove explicit identifiable information (e.g. name, sex, social security number), reduce specific sensitive details to generalized information, and obfuscate sensitive entries to random values in order to make an individual indistinguishable in a population. Specially developed algorithms anonymize the detailed personal information that is released to data requestors. The level of privacy control that defines the extent of anonymization to be applied to the data is solely determined by the data owner. A data user can request high granularity of an individual’s data, which is subject to the decision of the data owner to grant or deny access. This will facilitate the possibility of releasing data to private interests in exchange for compensation. To ensure that the data is correct and up to date, periodic validation queries are sent to data owners to modify or verify their data input. These requests are scheduled to be non-disruptive and convenient to the users.
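The three anonymization operations described above (suppression of explicit identifiers, generalization, obfuscation to random values) and the rule that a requestor never receives finer data than the owner's policy permits unless the owner grants it, as an added illustration that is not PrivacyChain's own code; the field names, policy format and generalization rules are constructed for the example.

```python
import random

# Granularity ranks: a requestor may only receive what the owner's policy allows,
# or finer if the owner explicitly granted that request.
RANK = {"suppress": 0, "obfuscate": 1, "generalize": 2, "release": 3}

def generalize(field, value):
    """Reduce a specific detail to a coarser category (constructed rules)."""
    if field == "age":
        lo = int(value) // 10 * 10
        return f"{lo}-{lo + 9}"
    if field == "postcode":
        return str(value)[:2] + "xxx"
    return "*"

def obfuscate(field, value, rng):
    """Replace a sensitive entry with a random value drawn from the same domain."""
    if field == "age":
        return rng.randint(18, 90)
    if field == "postcode":
        return f"{rng.randint(0, 99999):05d}"
    return "*"

def anonymize(record, owner_policy, requested, grants=(), seed=None):
    """Produce the view released to a data requestor.

    owner_policy: field -> most granular action the owner allows by default
    requested:    field -> action the requestor asks for
    grants:       fields for which the owner approved a finer request
    Fields absent from the policy (explicit identifiers) are suppressed.
    Returns (view, list of fields where the request was capped).
    """
    rng = random.Random(seed)
    view, capped = {}, []
    for field, value in record.items():
        allowed = owner_policy.get(field, "suppress")
        wanted = requested.get(field, allowed)
        if RANK[wanted] > RANK[allowed] and field not in grants:
            capped.append(field)
            wanted = allowed  # fall back to the owner's level, never finer
        if wanted == "release":
            view[field] = value
        elif wanted == "generalize":
            view[field] = generalize(field, value)
        elif wanted == "obfuscate":
            view[field] = obfuscate(field, value, rng)
        # "suppress": the field is omitted from the view entirely
    return view, capped
```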
The solution achieves interoperability by using frameworks designed to support application programming interfaces (APIs), providing secure and uninterrupted access to PrivacyChain’s data engine. PrivacyChain gives access to external applications that are authenticated with tokens that have a limited expiration time.
- Pilot
PrivacyChain provides an innovative platform for data housing and sharing with customizable privacy settings on the front-end and enhanced anonymization techniques on the back-end, while guaranteeing full ownership of data to data owners. The data owner determines the level of granularity they wish to disclose to the data user requesting access. In addition, PrivacyChain integrates easily with existing applications using secure and standard data interoperability protocols for data sharing and application development. Lastly, the solution is built on blockchain technology, which assures transparency and trust in a distributed data transaction system where network users might be unknown and unverified.
Privacy is ensured by design, as the anonymization algorithm is embedded directly in PrivacyChain. No data can leave the data owner’s profile without going through this secure filter, and data owners need to opt in to data sharing rather than open sharing being the default setting. Likewise, explicit identifiers that uniquely distinguish a data owner are removed by default until the data owner grants access to a data user. The solution allows scanned copies of proof-of-identity documents (e.g. driver licence, passport) to be uploaded and saved on the platform. As a security feature, shared access to these online documents is designed to expire automatically after a time interval. This protects the data owner from misuse of the limited privileges granted to data users. Given these features, the data is maximally protected and data sharing is restricted to authorized data users. Additionally, infrastructure firewalls and cyber security protections against malicious attacks will protect the housed data.
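An added example, not PrivacyChain's own code, of the time-limited access described here and in the API section above: a share token bound to one document and one grantee that expires after a fixed interval, signed with HMAC so the grantee cannot extend it. The key, claim names and token layout are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key for the example; a deployment keeps this in a secret store.
SERVER_KEY = b"example-key-do-not-use"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_share_token(doc_id, grantee, ttl_seconds, key=SERVER_KEY, now=None):
    """Grant `grantee` access to one document until now + ttl_seconds."""
    now = time.time() if now is None else now
    claims = {"doc": doc_id, "to": grantee, "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def verify_share_token(token, grantee, key=SERVER_KEY, now=None):
    """Return the document id if the token is intact, unexpired and issued
    to `grantee`; otherwise None. Signature is checked before claims are read."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # malformed base64 or JSON
        return None
    if claims.get("to") != grantee or now >= claims.get("exp", 0):
        return None
    return claims["doc"]
```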
PrivacyChain will enable linkages between the data owner’s profile (a comprehensive repository of all of their data) and existing database systems (as long as they expose APIs). This way, the data owner will be able to add their existing identification numbers (e.g. driver’s license, health insurance, passport) to their profile and allow statutory databases to access this information, thereby validating their identity to the institution.
PrivacyChain is administered as a cross-platform innovation available on all technology media and devices, such as the web, a smartphone application, and USSD and IVR on mobile phones. This makes it easily accessible through mobile devices or computers. Its user interface is built with well-crafted interactivity and visual representations to facilitate its use by people from different backgrounds and levels of experience with technology. PrivacyChain also supports local language translation by delivering text in the preferred language of the user. The local language module can be readily configured with additional languages, as requested by data owners.
PrivacyChain allows data exchange using secure application services (APIs) delivered over the standard REST protocol. Using this protocol, authorized external applications can easily integrate the data model into their architecture.
PrivacyChain has an offline mode for environments with limited internet connectivity, with periodic caching and syncing to stay updated. This offline feature is only available in the smartphone application, which is the channel that depends on an internet connection; USSD and IVR operate over GSM and are bounded only by telecom network coverage. IVR is a voice-based phone system that allows delivery in local languages for low-literacy people, and this feature is also built into PrivacyChain. Individuals with low digital literacy can be assisted by delegated data agents to create profiles.
We plan to partner with organizations that collect information about the population, so that they use our platform for information gathering. We also find the solution useful for public utility providers who require up-to-date contact information for their customers; they can integrate with the platform and make use of its rich functions.
- Ghana
- For-Profit
- Academic/Researcher
- 1-5
- 1-2 years
We are working with the Population Council, Ghana office, which undertakes research into sexual health. Our platform is being used to profile data on their clients who are subscribed to family planning options. Hitherto, clients were assigned a random number by field agents, which made it difficult to identify the client in the absence of the field agent. We have recently introduced the platform to the Electricity Company of Ghana for managing its contact information.
Our team possesses cross-cutting experience and competencies in data collection and management, and has consulted on data-related assignments for both public and private institutions in Ghana and sub-Saharan countries. Our team is made up of surveyors, data enumerators, database administrators, software developers and data privacy experts who work together to create outstanding applications that address the data needs of the subregion.
In the last three years of operation, we have grown from a consulting startup to a product innovation firm. We remain abreast of emerging technologies and invest in sufficient literacy in them to contribute and stay relevant in this fast-paced technology age. We believe that we are well poised for long-term sustainability because we adapt to changes, ensure our competencies are updated with advances in technology, and keep our product offering relevant with state-of-the-art platforms. We listen, design, develop and work with clients in developing solutions that meet their expectations and assure returns as well.
We believe participation in this prestigious challenge will be an eye-opener that gives us the needed exposure for our enterprise. We are ready to share, learn and shape our experiences with mentors and other esteemed participants who will be delivering similar products. We will be honoured to showcase our product, born out of hard work, to high-level experts who have the fortitude to critique and commend our solution.
The fundamental barrier for this solution will be the reluctance of data owners to share their personal information, which we recognize is not only a threat to our solution but applies to most identity solutions. As a solution, we plan to embark on aggressive marketing that will focus on the ease of use of the system and the transparency and data security provided, and also to incentivize data owners who use the platform.