When personal information is included in a certificate created by Blockcerts, it is considered to be personal information under Japanese law, even if it is converted to a hash value. Therefore, we have been instructed by the legal department to avoid recording such information on the blockchain.
We would like to devise a way to prevent the hash values from being classified as personal information, but we do not know how to do so. If you are operating certificates in Japan or in other countries, please let us know how to deal with this problem.
1 Like
Are there any hashing mechanism that would be tolerated? It seems pretty intense to consider a sha256 hashing of the whole document as correlatable to PII.
In any case, if I understand correctly the problem, it’s the blockchain anchoring that’s not authorized, not just the hashing.
I see potentially 2 solutions:
- do not include PII or hashing of said in the document, which might not be feasible.
- Blockcerts supports verification of documents signed with offchain signature schemes: Ecdsa Secp256k1 Signature 2019 (EcdsaSecp256k1Signature2019) and https://w3c-ccg.github.io/di-eddsa-2020/ (Ed25519Signature2020). You’ll need to implement the signing aspect on your side, and you can find a couple of libraries to do so with your favorite search engine, it’s fairly straightforward, technically speaking. You can take a look at some PoC work here: GitHub - blockchain-certificates/poc-proofChain-blockcerts: base repo to test other signatures suites for blockcerts documents.
Here are example files (with multiple signatures, but they don’t need to be, nor signed with MerkleProof2019):
- https://github.com/blockchain-certificates/cert-verifier-js/blob/master/test/fixtures/v3/proof-chain-example-ed25519.json
- https://github.com/blockchain-certificates/cert-verifier-js/blob/master/test/fixtures/v3/proof-chain-example-secp256k1.json
As a matter of fact, I think if you change the signature back to an object (and not an array) and keep only the first one, the documents should verify.
1 Like
Thank you for your reply, the off chain method is under consideration within our company. First of all, I would like to thank you for your advice.