Vaultless Tokenization and the Right to Be Forgotten

The EU’s General Data Protection Regulation (GDPR) and comparable American statutes like the California Consumer Privacy Act (CCPA) require companies to extend a “Right to be Forgotten” (RtBF) to consumers. This right enables a consumer to request that a company with which the consumer has done business delete the consumer’s personally identifiable information (PII) from its databases.

Such a request seems simple in theory, but in reality, it’s much more complicated. The RtBF potentially creates security issues, adds administrative overhead, and increases a company’s audit burden. Tokenization providers may offer a solution to this challenge. Of particular note is the patented platform approach taken by Rixon Technology, which provides an innovative, auditable solution that addresses both the consumer and service provider aspects of the RtBF conundrum.


The CCPA states, “A business that receives a verifiable request relating to the above is obligated to delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.” This concept is evident in theory, but the actual implementation can be challenging to execute and can result in unexpected costs and other difficulties.

First, there is a data management process of determining which information collected from a consumer constitutes PII. Then, a company must identify which of the data it has received is potentially subject to the RtBF. For example, if Sally Smith (the “data owner”) buys a dress of size 10, Sally’s name is PII and is subject to the RtBF, but her dress size is not and may be retained by the company.

Imagine that Sally wants to “be forgotten.” She calls the company and speaks with customer support. She requests that her data be deleted. The customer support representative creates a service ticket that goes to a Database Administrator (DBA). The DBA then manually purges Sally’s PII data from the database.

There are several problems with this approach to the RtBF. Most importantly, this typical process can be costly and highly inefficient. Moreover, these processes may fail to follow the law in sufficient detail to make the company compliant with the requirements of regulations such as the CCPA and GDPR.


If a DBA does not know where to look or inadvertently overlooks relevant databases, he or she may accidentally do an incomplete RtBF. Thus, Sally’s PII could still be lurking in multiple databases within the company. This kind of well-meaning but non-compliant RtBF process can leave the company unexpectedly out of compliance with the CCPA, GDPR, or related laws. The consequences might include fines, penalties and even brand damage.

Data backups and data warehouses present additional compliance risks. An extensive database full of PII can be a treasure trove to a hacker or other unauthorized party. Under the CCPA and similar laws, a PII breach can result in legal liability as well as high costs, driven by consumer notification requirements. The brand may also suffer reputational damage. Fines of between $100 and $750 per consumer can also be imposed on the entity suffering the PII or HIPAA breach. Doing the math, the breach of a 100,000-record PII database could cost between $10 and $75 million in CCPA costs and fines.


To guard against such substantial financial impact from a data breach, many companies currently encrypt their customer data. While encryption is a standard security measure employed by many companies, this approach is not optimal and has weaknesses. For instance, if a hacker or unauthorized party obtains the encryption key, all of the data protected by that key is exposed. When data is encrypted, complying with an RtBF request involves the cumbersome and insecure process of decrypting the data to confirm that it contains PII. Only then can the company proceed to delete the PII. Some organizations address this problem by performing RtBF requests manually. In doing so, however, companies are faced with a costly, time-consuming, and inefficient overall process.


Finding a workable solution for RtBF

The objective for most, if not all, companies subject to the CCPA, GDPR, and comparable regulations is to be able to perform an RtBF request as efficiently as possible. Thus, the fewer manual steps, the better. Auditability is also essential. Vaultless tokenization meets these criteria and more.

Traditional tokenization uses a process in which the service provider stores customer data, creating an administrative burden and a security risk. With vaultless tokenization, the service provider stores only the tokenized data. In other words, vaultless tokenization achieves the same result without requiring the merchant (the “service provider” organization) to store the original data in a digital “vault” on its premises.

For example, the Rixon Solution converts the consumer’s PII to format-preserving, smart tokens at very high speeds. Rixon transmits these tokens to the service provider, which then stores the tokens (not the actual PII) in its database, reducing many of its security requirements. This process supports the integrity and confidentiality of PII data. When needed, the frictionless and completely transparent solution enables the service provider to de-tokenize a consumer’s data in order to complete a payment card banking transaction, or any other necessary business task, shrinking the PCI DSS compliance footprint and securing the PII data.


The result is a streamlined, administratively light model for satisfying the RtBF requirements of applicable laws. The consumer (“data owner”), and only the consumer, can then use a simple Allow/Not Allow toggle button in the user interface to trigger tokenization of their PII. If the data owner selects “Not Allow,” the consumer’s PII is tokenized and masked from the service provider. While in this state, the PII is not stored in un-tokenized form anywhere on the service provider’s infrastructure. If employees of the service provider attempt to look up the tokenized part of a consumer’s record, they will only see useless tokens.
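The vault-free tokenize/de-tokenize flow described in the two preceding paragraphs and the Allow/Not Allow toggle, as an added illustration rather than Rixon’s own (patented) code: a keyed Feistel network over digit strings, the construction that standardized format-preserving encryption modes such as FF1 are built on. The record id used as a tweak, the field names and the demo key are assumptions.

```python
"""Toy vaultless, format-preserving tokenizer: a keyed Feistel network over
digit strings (the construction FPE modes such as FF1 build on). No
token-to-value table exists; detokenizing needs only the key and the
per-record tweak, so key custody is the real control point."""
import hashlib
import hmac
ROUNDS = 8  # toy parameter; standardised FPE modes fix rounds and analysis

def _round_fn(key: bytes, tweak: bytes, rnd: int, half: str, width: int) -> int:
    """Keyed PRF of (tweak, round, other half), reduced to `width` digits."""
    mac = hmac.new(key, tweak + bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (10 ** width)

def tokenize(key: bytes, tweak: bytes, digits: str) -> str:
    """Map a digit string to a same-length digit string (format preserved)."""
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("expected a digit string of length >= 2")
    u = len(digits) // 2
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else len(digits) - u  # width of the half updated
        c = (int(a) + _round_fn(key, tweak, i, b, m)) % (10 ** m)
        a, b = b, str(c).zfill(m)
    return a + b

def detokenize(key: bytes, tweak: bytes, token: str) -> str:
    """Run the rounds backwards; no lookup table is consulted."""
    u = len(token) // 2
    a, b = token[:u], token[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else len(token) - u
        c = (int(b) - _round_fn(key, tweak, i, a, m)) % (10 ** m)
        a, b = str(c).zfill(m), a
    return a + b

def set_allow(record: dict, allow: bool, key: bytes) -> dict:
    """Data owner's Allow / Not Allow toggle on one record: 'Not Allow' leaves only
    the token in the provider's row; non-PII (dress_size) stays. Auth is the caller's job."""
    tweak = record["id"].encode()  # constructed per-record tweak (assumed field)
    out = dict(record)
    if allow and record["phone_is_token"]:
        out["phone"], out["phone_is_token"] = detokenize(key, tweak, record["phone"]), False
    elif not allow and not record["phone_is_token"]:
        out["phone"], out["phone_is_token"] = tokenize(key, tweak, record["phone"]), True
    return out

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key; keep real keys in a KMS").digest()
    sally = {"id": "cust-1001", "phone": "5551234567", "dress_size": 10, "phone_is_token": False}
    forgotten = set_allow(sally, allow=False, key=key)  # masked from the provider
    print(forgotten["phone"], set_allow(forgotten, True, key)["phone"] == sally["phone"])
```

Because the token is reversible with the key, the detokenize path and the key itself are where access control and audit logging belong.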


Reversing RtBF with vaultless tokenization

The Rixon Solution also makes RtBF reversible. In other words, not only can a consumer’s PII data be “forgotten,” but it can also later be “remembered” for future interaction with the service provider. Similar to the RtBF process, to be remembered, the consumer (“data owner”) need only return to the same RtBF interface and toggle the button from “Not Allow” to “Allow.” Solely the data owner controls this “Reversible Masking” process.


Privacy laws like the CCPA and GDPR are here to stay, and are likely to become stricter and more pervasive in the future, with numerous states in the US and countries around the world expected to adopt similar standards soon. At the same time, the need for data security grows more intense with every passing year. These two factors make a vaultless tokenization solution an appealing option for the protection of PII. Rixon Technology’s solution is flexible. It will work with any type of data in any language or technology architecture, from eCommerce and payment card to healthcare, finance and education.