Organisational Data Protection Reserach Based Assessment

Scope

The research will focus on a small sized, theoretical organisation consisting of four departments; IT, HR, and Finance

Objectives

1. Define and design an organisational structure and outline the inter-departmental data sharing requirements.
2. Define data access roles for each user role within a department that map to the roles described in Faber et. al. (2019) 
3. Create a Role Based Access Control for the organisation using Hyperledger Smart Contract and implement access security to the blockchain.

Methodology

The definition and design of the hypothetical organisation will adopt the work of Köhler-Bußmeier, Wester-Ebbinghaus and Moldt (2009) where an approach to model formal organisations was presented using a Petri net-based model. The model integrates structural, functional and interactional features of an organisation in addition to providing a formal model of business processes comprising participants with different roles and contexts. The roles assigned to participants will be based on those discussed in the work of Faber et al., (2019) which include User, Service provider, Data purchaser, Data validator. However, these roles will be suitably modified to fit the use case of the hypothetical organisation. The figure below shows a sample structure:

Fig. 1 Organisational structure (Köhler-Bußmeier, Wester-Ebbinghaus and Moldt, 2009)

Subsequently, a smart contract will be designed on the HyperLedger blockchain as described in the work of Makhdoom et al., (2020). HyperLedger is the technology of choice due to factors such as faster TX times, increased privacy and security among others as described in Makhdoom et al., (2019). Additionally, the design will incorporate a challenge response aspect coded into the smart contract as described by Cruz, Kaji, and Yanai (2018) as well as an access mechanism enabled by REST API utilising dual security in the form of an API Key and OAuth 2.0 (Makhdoom, 2020). As a proof of concept, the model will be deployed on HyperLedger and validated based on different security and performance attributes using the blockchain benchmark tool, HyperLedger Caliper.
Risk Log

Table 2: Risks associated with the proposed project.

Key:

75 Risk very high - urgent action required 

50 < 75>Risk high - action as soon as possible 

25 < 50>Risk may be acceptable - more analysis required 

< 25>Low risk - no gains expected from extra work

Sources and Use of Knowledge

• A number of journals are of interest to the researcher that consider the use of blockchain as a mechanism for the management of data access. Some of these articles are conference articles published on IEEE Explore including the work by Zyskind et. al., published in the 2015 IEEE Security and Privacy Workshops and the work by Zheng et. al., published in the 2018 IEEE 20th International Conference on e-Health Networking, Applications and Services (Healthcom). Other journals of related focus areas consulted for the development of this proposal such as the work by Cruz, Kaji, and Yanai, which served as the main inspiration for this proposal was published in volume 6 of the IEEE Access Journal.
• In total, over 10 scholarly works of literature on the utilisation of blockchain in different industries ranging from Healthcare to IoT and Business were reviewed by the researched in the development of this proposal.
• Upon completion of the research work, the author identifies the IEEE Access Journal as appropriate for possible publication. The reasons cited are the rapid review process, the multidisciplinary nature of the journal and popularity. However, a drawback to publishing in the journal is the quite significant processing cost and low acceptance rate of about 30%. It is noteworthy to state, however, that this low acceptance rate can act as a spur to drive the author to deliver the research as a higher quality.

Statement of Ethics

Due to the nature of the project being proposed, with no aspect of data collection; the dataset required for the execution of the project would be built entirely from scratch, there is no ground for the processing of personal information. Due care would be observed in ensuring that open sources resources are used in the execution of the project while adhering to laws governing the use of intellectual property and general caution will be exercised to ensure observance of all relevant legislation as well as ethical and professional standards. All references made to information recovered from journals and papers used within this proposal have been properly referenced