GDPR or HIPAA compliance

I store terabytes of data that I pay for out of my own pocket on the Storj network. It has been very reliable for me. Assuming you are in the United States, the IRS can ask for records as far back as ten years. I would feel secure having a copy on the Storj network, but not the only copy. I would feel this way with any online service provider, no matter how large they are. One local, and at least one in the cloud.

Storj employees don’t have access to data. All of it is encrypted and only you have the key. However, if you use the web client or S3 gateway, encryption happens server side. The encryption keys are wiped after that is done, but in theory that’s where they could “listen in”. This is just theoretical. Storj has implemented lots of measures to ensure data won’t be accessible. The only reason I mention it is because these implementations aren’t entirely zero trust.

If you want to avoid that though, you can use uplink to transfer the data or run your own S3 gateway. In those scenarios, all encryption happens locally and there is no possible way anyone but you can access the data.

So using FileZilla Pro, does it do the encryption on my side first? It seems to use a LOT of processing power when sending the data over to Storj.

Or encrypt the data with software of your own choice before uploading it.
Just an example; I don’t know how far they are with this and if it works with Storj DCS:

Depends on the integration used. If you used a native integration (with an access grant or an API key and encryption passphrase), then it’s encrypted locally. If you used an S3 integration with the Storj-hosted S3-compatible gateway, then you opted in to server-side encryption.
However, if you used an S3 integration with your own self-hosted S3-compatible gateway, it will use client-side encryption.
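The suggestion a few posts up, to encrypt with software of your own choice before uploading, and the distinction just drawn between client-side and server-side encryption both come down to one property: the gateway or service only ever receives ciphertext, and the key never leaves your machine. The following is an added example illustrating that property, not Storj's code and not tied to any Storj API. It assumes the `cryptography` package is installed; the "remote store" is a constructed in-memory dictionary standing in for whatever S3 gateway or object store receives the upload.

```python
"""Client-side (envelope) encryption before upload.

Added example, not part of the original thread and not Storj's code.
Assumes the `cryptography` package is available. REMOTE_STORE is a
constructed stand-in for an S3 gateway: it holds exactly the bytes that
would go over the wire, so we can check that plaintext never reaches it.
"""
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"CSE1"   # constructed format tag so a reader can tell blobs apart
SALT_LEN = 16     # per-object salt for key derivation
NONCE_LEN = 12    # AES-GCM standard nonce size


def derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt from the standard library; cost parameters are illustrative,
    # not a recommendation for any particular product.
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def encrypt_object(plaintext: bytes, passphrase: str, object_key: str) -> bytes:
    """Encrypt locally. Output layout: MAGIC || salt || nonce || ciphertext+tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    key = derive_key(passphrase, salt)
    # The object key is authenticated as associated data, so a blob copied
    # under a different name fails to decrypt instead of silently succeeding.
    ciphertext = AESGCM(key).encrypt(nonce, plaintext, object_key.encode("utf-8"))
    return MAGIC + salt + nonce + ciphertext


def decrypt_object(blob: bytes, passphrase: str, object_key: str) -> bytes:
    if not blob.startswith(MAGIC):
        raise ValueError("not a client-side encrypted object")
    off = len(MAGIC)
    salt = blob[off:off + SALT_LEN]
    nonce = blob[off + SALT_LEN:off + SALT_LEN + NONCE_LEN]
    ciphertext = blob[off + SALT_LEN + NONCE_LEN:]
    key = derive_key(passphrase, salt)
    # Raises InvalidTag on a wrong passphrase, wrong object key, or tampering.
    return AESGCM(key).decrypt(nonce, ciphertext, object_key.encode("utf-8"))


# Constructed stand-in for the remote side: the bytes a gateway would see.
REMOTE_STORE = {}


def upload(object_key: str, data: bytes, passphrase: str) -> int:
    """Encrypt on this machine, then hand only ciphertext to the store."""
    REMOTE_STORE[object_key] = encrypt_object(data, passphrase, object_key)
    return len(REMOTE_STORE[object_key])


def download(object_key: str, passphrase: str) -> bytes:
    return decrypt_object(REMOTE_STORE[object_key], passphrase, object_key)


def remote_sees_plaintext(object_key: str, sample: bytes) -> bool:
    """The check: does any plaintext fragment appear in what left the machine?"""
    return sample in REMOTE_STORE[object_key]


def can_decrypt(object_key: str, passphrase: str) -> bool:
    """True only if the passphrase (and object key binding) is right."""
    try:
        download(object_key, passphrase)
        return True
    except (InvalidTag, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample record, encrypted before it ever reaches the store.
    upload("backups/records-2023.tar", b"patient record: constructed sample", "correct horse")
    print("plaintext visible remotely:",
          remote_sees_plaintext("backups/records-2023.tar", b"patient record"))
    print("round trip:", download("backups/records-2023.tar", "correct horse"))
```

The point of the `remote_sees_plaintext` check is that it is the only thing the gateway-side question above can be answered with: if the bytes leaving your machine already carry no plaintext, it no longer matters what the gateway operator could in theory observe.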

I think Storj would be very wise to enlist the help of some legal professional to either figure out definitively how we can make it compliant (specifically talking about GDPR here because that’s relevant to me) or reach out to the EU to get the regulation updated. Someone needs to get down in detail and work with the devs to make this work because (as a business owner) you can’t take Storj seriously, and that is a real shame.

Every business needs to back up to the cloud somewhere and Storj is the perfect place for that imo, but without the GDPR stamp it’s discarded as an option. Invest in making GDPR work, find a way to give us immutability controls and you’ve got yourself a massive market.

A crowd funded campaign could work here?

TL;DR: Storj is already working on this, and yes, we do have legal counsel advising on these matters. We are confident that GDPR compliance is achievable.


Yes, with that assessment from the EDP this seems achievable. But what about the others? I hope you are looking into them as well. HIPAA means healthcare and clinical data like from MRIs. CJIS means all the data from bodycams from police officers to CCTVs in prisons and legal data like court and investigation data. FERPA is all data around schools and students, and MPA could help with all movie and cinema related content.
Those sectors are huge too.

Regarding HIPAA and other standards, please refer to the statement from the Twitter Spaces by @Bryanm which I quoted in the post above yours.


How is that an answer? It’s typically vague. It does not mention CJIS or FERPA or MPA, nor does it state a time frame or current status or problems and solutions.
I mean, you have attended the HPA Tech Retreat 2023; wouldn’t an MPA certification therefore be a great boost when talking to potential customers?