Individuals and organisations store a significant amount of data online, including Personally Identifying Information (PII), commercially sensitive corporate data and customer information. As the sophistication and frequency of cyber-attacks grows, centralised data stores are increasingly vulnerable. Directly linked to this vulnerability, a recent study found that people who had been notified of a data breach were 34% more likely to have been a victim of identity crime.
There are two approaches under consideration by a wide range of public and private sector organisations intended to help mitigate this risk:
Data minimisation – organisations are reducing the amount of information requested from and processed about individuals. Read more about this in our section on Credentials.
Sovereign data sharing – to avoid creating centralised data stores, organisations are providing their customers and citizens with personal data spaces, directly under the control of the individual. As an example of this in Europe, the International Data Spaces Association (IDSA) is making significant inroads. The work of the IDSA is set against the backdrop of the European Data Governance Act (DGA) which seeks to “facilitate data sharing across sectors and EU countries, in order to leverage the potential of data for the benefit of EU citizens and businesses”.
You can read more about sovereign data spaces in our blog on the topic.
The Meeco Secure Value Exchange (SVX) Vault provides secure storage, under the control of the individual for a range of data types including attributes, documents, verifiable credentials (VCs), and digital media. The Vault has a Zero Value Knowledge (ZVK) architecture, which means all data values are end-to-end encrypted with only the metadata in plain text. This plain text metadata facilitates practical features such as search and sharing without accessing personally identifiable information (PII).
Data stored in the Vault can be shared via persistent peer-to-peer connections and managed at a granular level. This provides granular (per attribute) control over information shared between people, organisations, and things and can be managed by duration (minutes) or a specific date. This, combined with end-to-end encryption methods, makes it is possible to request and exchange the data without needing to see the plain text data values. Thus enhancing data privacy and data minimisation. Only secure connections can view the data in a readable format.
Using the SVX API, the Vault can be embedded in new and existing applications such as digital wallets, mobile apps, web portals or back-up services. The Vault is available for two types of users: individuals and enterprise. The Enterprise Vault offers additional functionality designed to suit organisational needs such as multi-Administrator access.
Meeco has been awarded MyData Operator status in 2020, 2021, 2022 and 2023 for the SVX Vault solution. The MyData Award is the “gold standard for ethical use and sharing of personal data”.
Read more