Patricia C. Franks, Professor & MARA Coordinator, School of Information, San Jose State University
Records and information management professionals have always dealt with the impact of disruptive technologies on records and information management programs and practices. During the 19th century, it was the invention of the typewriter. During the 20th century, programmable computers and PCs came on the scene. During the early part of the 21st century it was social media technologies. Today we’re dealing with, among other technologies, big data and artificial intelligence.
It’s no surprise, then, that records and information management professionals are now exploring the implications of blockchain and distributed ledger technologies. This article provides a brief overview of Blockchain and Distributed Ledger Technologies (DLT) for Records and Information Managers.
Basics of Blockchain Distributed Ledger Technology (DLT)
There is no one definition of blockchain. In 2016, Don and Alex Tapscott referred to blockchain as “an incorruptible digital ledger of economic transactions that can be used to record not just financial transactions but everything of value” (Tapscott, 2016).
In 2018, NIST described a distributed ledger as being comprised of “cryptographically signed transactions linked in consecutive order only after validation through a consensus decision” (NIST, 2018). Each node within the network has the same copy of the ledger and conflicts are resolved automatically according to established rules. The Distributed ledger presents an immutable single source of truth. Therefore, a Distributed Ledger equals Distributed Trust.
It helps to think of the distributed ledger as a database that is consensually shared and synchronized across multiple sites, institutions or geographies. However, there are differences between a traditional database and a distributed ledger as shown in table 1.
Table 1: Comparison of traditional database and a distributed ledger.
A number of decision tree diagrams have been published. They all suggest that you ask questions, the answers to which lead to one of two eventual outcomes—1) You should use a traditional database or 2) A blockchain distributed ledger may be right for you. Note the conditional term “may.” Even if you arrive at outcome 2, you must consider the following issues:
- Will any of the data stored need to be modified or deleted in the future?
- Will personal and/or sensitive data be stored?
- Will Big Data be stored?
If any of the above conditions exist and you intend to implement a blockchain distributed ledger solution, consider storage alternatives, such as storing a hash of the data on the blockchain and the data off the chain.
Blockchain Distributed Ledger Technologies Use Cases
It is easier to understand the impact Blockchain DLT could have on your programs if you are familiar with examples of implementation; however, most of the Blockchain DLT projects are being conducted as pilots or are in the early stages of implementation without having been evaluated on long-term success.
Blockchain DLT pilots are emerging in almost every industry, including healthcare, supply chain management, education, and government as described in Table 2.
Notice that in each case a problem was presented for which Blockchain DLT might be the solution.
Strengths and Weaknesses
Blockchain is a Recordkeeping Technology thatpossesses both strengths and weaknesses. A strength is that the records of transactions on the blockchain are immutable (cannot be changed). In addition, multiple copies exist, since each node (computer) on the network possesses an exact copy of the blockchain. Blockchain technology disintermediates the process and allows transactions to take place using peer-to-peer technology, increasing efficiency and reducing completion time of transactions.
However, there are weaknesses. Immutability poses problems if personal or sensitive information is stored on the blockchain. Under both the European Union’s General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA) citizens have a right to “erasure” of information (right to be forgotten) upon request with a few exceptions. Methods to delete data from a blockchain are not available, but this may change. For now the best way to be sure you are in compliance with privacy regulations is to keep such data off the blockchain. Redundancy also poses problems as more information stored across a larger network of nodes slows down the entire process. There is a loss of context as records are stored in multiple blocks and blockchains. A risk to privacy exists because the technology is pseudonymous–not anonymous. Applications have been developed to perform analyses associating transactions and Internet protocol addresses on public blockchains. In addition, both the regulatory environment and the technology are evolving.
Impact on RIM Programs and Practices
Regardless of your industry, you should understand the types of problems that exist and if Blockchain DLT can provide a solution. How these solutions impact records and information management programs and practices vary depending upon the circumstances.
Implementation challenges are similar to those for records stored in any other type of technology. Here are a few questions to ask and answer:
- How will data kept off chain be integrated with the blockchain (either the organizations’ data or the information needed from a third-party to complete smart contracts)?
- Does the solution comply with data residency restrictions?
- Are access permissions required or will the transaction information and digital content be completely transparent to all members of the network?
- Is there a need to integrate information on the blockchain with digital content offchain? If so, is it possible?
- Is the blockchain solution compliant with all governing regulations, such as GDPR and CCPA of 2018?
- Does the Blockchain solution create new records that must be managed? If so, what policies must be developed to address them?
Blockchain & the RIM Industry
At this time, blockchain technology is not considered a substitute for electronic records management practices. There is, however, some movement in this industry.
Existing RIM products are being integrated with Blockchain—for example, Sphereon (in the Netherlands) offers two extensions for Alfresco’s content & process services that provide a Blockchain Audit Trail and Blockchain Authentication, as well as APIs and Software Development Kits that can be used as part of workflows.
RecordsKeeper as a platform (in Gibraltar) is built upon multichain technology providing a globally available decentralized system for Records Management. RecordsKeeper allows publishing of immutable data objects of up to 10 MB per block on the RecordsKeeper Blockchain using XRK Tokens as a Gas.
Conclusion
Blockchain DLT is not an alternative to current eRIM practices. Ensure current data, records, and information procedures are working effectively, and evaluate the technology and uses cases before considering full-scale implementation. If a decision has been made to implement a blockchain solution, develop policies to address the records management implications. Implement systems to develop the new policies. Ensure blockchain records/transactional data can be accessed over time. Determine if/how you can execute the disposition of blockchain records/transactional data. Finally—proceed, but with caution.
References
Tapscott, Don and Alex. (2016, May 10). Blockchain Revolution. New York, New York: Penguin Random House.
NIST, Draft NIST Interagency Report (NISTIR) 8202: Blockchain Technology Overview, retrieved April 16, 2019, from https://csrc.nist.gov/publications/detail/nistir/8202/draft
