Solving the Right to be Forgotten Problem
The Right to be Forgotten (technically the right to erasure or for users to have personal data removed from service providers’ records) creates a big problem for suppliers. This right is becoming standard across the new global wave of data protection and consumer privacy legislation that has followed GDPR.
The process of continuous location monitoring and/or on-demand detection of users’ data for erasure is time-consuming and costly. A new tokenization service offers a potential solution.
Tokenization is an attractive option for protecting data. For full benefit, individual characters should be tokenized. However, the processing power necessary for such a process has held back its implementation. Now the compute power and low storage cost of cloud computing are removing this restriction.
Start-up firm Rixon Technology has developed and is using its own patented cloud-based vaultless tokenization engine to provide flexible and almost real-time tokenization and detokenization.
(See SecurityWeek’s report on tokenization and encryption for more information on tokenization technology.)
The basic Rixon approach to tokenization is that cleartext should never be stored on its customer’s network. Raw text is sent to the cloud tokenization engine and returned as tokens. The original cleartext is stored neither locally nor in the cloud – the engine simply remembers the tokenization process. This is held in immutable cloud servers that cannot be accessed by any human, whether the customer, a hacker or Rixon itself. If the server detects anything unusual, it simply burns itself down and rebuilds elsewhere.
Rixon invited Joseph Demarest, former assistant director for the cyber division of the FBI, to review its security. “I couldn’t find any gaps,” he told SecurityWeek. “The technology is durable, very fast, flexible and customizable. The customer retains ownership of the data and can decide on its security policy based on its own risk tolerances.”
Demarest believes that security needs a change of direction. The old moat and castle approach clearly no longer works. “We had a saying in the Bureau,” he said: “if you try to protect everything, you end up protecting nothing.” But concentrating on protecting the data is different. “Tokenization has the potential to transform the way organizations manage and protect their data,” he added.
Tokenization is by nature format-preserving, which means that tokenized data can still be processed by existing applications. Since individual characters can be tokenized, enough of the cleartext can be retained to be useful to the company without being useful to any criminal – for example, the last four characters of a bank card number or a portion of an email address that can confirm the identity.
Rixon has now combined the power and flexibility of its tokenization technology to produce a solution to the RTBF problem by giving control of personal data back to the data owner; that is, the user.
RTBF – the user’s right to have PII erased
PII is ubiquitous within business. It is basically ‘customer information’. RTBF requires that every instance of PII should be available for deletion on demand. But most companies don’t know where it is held. It could be in databases; it could be free form in emails and letters; and with the rise of remote working, it could be on employees’ home computers in spreadsheets or in their Shadow IT cloud apps.
Much of this PII is initially captured by online retailers for purchasing transactions. With Rixon’s RTBF solution, the Rixon customer – such as an online retailer or service provider – can add a button to its online payment data collection form. The button is a toggle between ‘allow’ and ‘forget’. The initial state is ‘allow’.
When a user enters payment data into the form it is encrypted and sent to the tokenization engine where that information is tokenized. Since the initial state of the allow/forget button is set to allow, the vendor is ‘allowed’ to see the cleartext detokenized data. Payment for the purchased goods can proceed and be processed.
But if the user subsequently decides, on completion of the transaction, that he or she does not want the vendor to keep any personal information, the toggle button can be switched to ‘forget’. This sends an instruction to the tokenization engine, and the vendor’s ability to see cleartext is immediately removed. All that remains is the meaningless tokenized characters.
User ‘consent’ is given by entering the data and is removed by resetting the toggle button to forget. The vendor is released from any need to manage PII, and data auditing becomes simple: there is no PII to audit.
The flexibility of the system goes further. Provided the user retains the initial data entry form, the toggle button can be switched back to ‘allow’. If that user wishes to make future purchases from the same vendor using the same bank card, switching to ‘allow’ immediately allows the vendor to see the detokenized data to process the purchase. The user can subsequently switch to ‘forget’, to once again remove the PII from the vendor’s system.
This allow/forget/allow process can be continued indefinitely. It means that the user has control over personal data and its use, and the vendor no longer has to manage or worry about PII. The vendor is protected from any compliance issues because he doesn’t store any personal data. He is less attractive to hackers since there is no PII to steal, and data auditing requirements are minimized if not effectively eliminated.
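The per-character, format-preserving tokenization and the allow/forget toggle described above can be sketched as follows. This is an added illustration, not Rixon's code or algorithm: the TokenEngine class, the record IDs and the card number are constructed for the example, and the HMAC-derived digit shift is a simple stand-in, not a vetted format-preserving encryption mode.

```python
import hashlib
import hmac
import secrets
DIGITS = "0123456789"

class TokenEngine:
    """Illustrative vaultless engine: holds a key and consent flags, never cleartext."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the engine
        self._consent = {}                   # record_id -> "allow" | "forget"

    def _shifts(self, record_id, n):
        out, counter = [], 0
        while len(out) < n:
            # Per-record stream of digit shifts derived from the engine key.
            msg = f"{record_id}:{counter}".encode()
            block = hmac.new(self._key, msg, hashlib.sha256).digest()
            out.extend(b % 10 for b in block if b < 250)  # b < 250 avoids modulo bias
            counter += 1
        return out[:n]

    def _transform(self, record_id, text, sign, keep_last):
        positions = [i for i, c in enumerate(text) if c in DIGITS]
        if keep_last:
            positions = positions[:-keep_last]  # trailing digits stay readable
        chars = list(text)  # separators such as '-' pass through untouched
        for pos, shift in zip(positions, self._shifts(record_id, len(positions))):
            chars[pos] = str((int(chars[pos]) + sign * shift) % 10)
        return "".join(chars)

    def tokenize(self, record_id, cleartext, keep_last=4):
        self._consent.setdefault(record_id, "allow")  # toggle starts at 'allow'
        return self._transform(record_id, cleartext, +1, keep_last)

    def set_consent(self, record_id, state):
        if state not in ("allow", "forget"):
            raise ValueError("state must be 'allow' or 'forget'")
        self._consent[record_id] = state

    def detokenize(self, record_id, token, keep_last=4):
        if self._consent.get(record_id) != "allow":
            raise PermissionError("data subject has selected 'forget'")
        return self._transform(record_id, token, -1, keep_last)

if __name__ == "__main__":
    engine = TokenEngine()
    token = engine.tokenize("order-1001", "4111-1111-1111-1234")  # constructed card number
    print(token, engine.detokenize("order-1001", token))
    engine.set_consent("order-1001", "forget")  # detokenize now raises PermissionError
```

The vendor side stores only the token; whether it can ever be reversed is decided by the consent flag held in the engine, which is what makes the 'forget' state take effect without locating and deleting stored copies.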
On October 14, 2021, Rixon Technology was announced as one of three platinum award winners in the annual Pepperdine ‘Most Fundable Companies’ competition. This year, 3,300 U.S. start-ups entered the competition.