Azure for Executives

Using blockchain to secure data with Kohei Kurihara

Episode Summary

Kohei Kurihara, co-founder of Privacy by Design Lab and President of the Tokyo chapter of the Government Blockchain Association, helps us understand the difference between public and private blockchain and talks about how blockchain can be used in data privacy scenarios, how blockchain fits into the larger IT ecosystem, and which industries are taking up blockchain today. Additionally, David Houlding, Director of Healthcare Experiences at Microsoft tells us what investments in blockchain he is seeing particularly around data privacy.

Episode Notes

Kohei Kurihara, co-founder of Privacy by Design Lab and President of the Tokyo chapter of the Government Blockchain Association, helps us understand the difference between public and private blockchain and talks about how blockchain can be used in data privacy scenarios, how blockchain fits into the larger IT ecosystem, and which industries are taking up blockchain today.

Additionally, David Houlding, Director of Healthcare Experiences at Microsoft tells us what investments in blockchain he is seeing particularly around data privacy.

Episode Links:

Episode Transcript

Microsoft Azure Blockchain Solutions

Azure Blockchain Service

Azure Blockchain Workbench

Government Blockchain Association


Kohei Kurihara is the co-founder of Privacy by Design Lab and has deep experience with blockchain and distributed ledger technologies. He is the president of the Tokyo chapter of the Government Blockchain Association.

Follow him on LinkedIn or Twitter.

David Houlding is Director of Healthcare Experiences at Microsoft. He has 26+ years of experience in healthcare spanning provider, payer, pharmaceutical, and life sciences segments worldwide, he also has deep experience and expertise in cloud computing, privacy, security, compliance, blockchain, and AI / ML. Responsibilities include leading an expert team and program to accelerate key healthcare partners of Microsoft with Azure, Marketplace, and GTM jumpstart (co-marketing, and co-selling) to help them grow worldwide.

Follow him on LinkedIn or Twitter.


David Starr is a Principal Azure Solutions Architect in the Marketplace Onboarding, Enablement, and Growth team at Microsoft. 

Follow him on LinkedIn and Twitter.

Episode Transcription

DAVID STARR: Welcome to the Azure for Executives podcast, the show for technology leaders. This podcast covers trends and technologies in industries and how Microsoft Azure is enabling them. Here you'll hear from thought leaders in various industries and technologies on topics important to you. You'll also learn how to partner with Microsoft to enable your organization and your customers with Microsoft Azure.

Hello, listeners. Today we're talking about blockchain and here to talk with us is Microsoft's David Houlding who is the Director of Healthcare Experiences for Microsoft Azure. He has served as chair of the HIMSS Blockchain Task Force for over two years and currently serves as an advisor to the British Blockchain Association. So I don't know if you're aware of HIMSS, but it's the biggest healthcare conference out there. Anything else you want to say about HIMSS, David before we jump in?  

DAVID HOULDING: No, it's a great organization. It's an association and lots of exciting stuff going on with the Blockchain Task Force, and interoperability, and security, and all facets of healthcare IT. So check out for more, but I invite you to engage.  

DAVID STARR: You got some other interests beyond blockchain, right? Cloud, privacy, security, compliance, and AI. And I know that you've got a lot of background in security too. So I wonder if you could tell us any more about your security.  

DAVID HOULDING: It's interesting. Prior to Microsoft, I was with Intel Health and Life Sciences for over a decade. And I was covering as director of privacy, security, compliance for Health and Life Sciences, and that's how I initially got involved in blockchain. In the early days, it was asserted as a silver bullet for security, and I was invited to get into it and understand it and understand its strengths and where it needs help. And long story short, blockchain’s got some really good security strengths like protecting the integrity of data through decentralization, improving availability of systems and data, but it's not a security silver bullet by any stretch. And that's how I got into blockchain. The more I got into it, the more I realized the fantastic potential.  

Today if we look at it from a data standpoint, and I'm speaking generally of organizations across the world pretty much in the mindset of collect as much data as we can, lock it down in our silo, and data is the new oil and hoard as much as you can. And it's unfortunate because a lot of data is actually of mutual interest, common interest, and maintaining all of this data redundantly across these silos and not sharing it, not collaborating on it is really hindering a vast amount of untapped potential. Just to give you an example, in healthcare, many of us visit many different healthcare providers over our life, and they each have a record of us. There's not as much sharing as there should be, and it really impacts the quality of patient care. And it really puts a burden on the patient to fill out endless forms and whatnot. And if we were able to have shared data and blockchain could play a role in that, then we would improve patient care. We would reduce healthcare costs because we wouldn't have to maintain all this data redundantly. And errors occur with redundant maintenance of data, and mismatches in data and claims bouncing, and inefficient patient care, and so we can do a lot better. And I think going forward really need to think about data in terms of what data truly needs to be private and truly should be locked down in a silo and then what data is mutually of interest across a consortium of collaborating organizations like a healthcare provider network. And for the latter, we should be considering blockchain as one element of IT infrastructure that can really help facilitate the secure collaboration across a consortium of organizations.  

DAVID STARR: That perfectly dovetails into everything we're going to talk about today on this show about blockchain and data privacy, the second part of that, and see how those two work together. But before we do that, I wonder if we could talk about some preliminary topics before we dive into the data privacy issue. Specifically, it would probably be helpful for listeners who may not be aware about what blockchain actually is so maybe you could give us a quick tour of blockchain as a core technology, what is it?  

DAVID HOULDING: Think of traditional IT systems as being centralized. You generally have a set of servers in some central location and then client or endpoint devices accessing whether it's a web browser, whether it's a mobile device, whether it's other endpoint devices. And in contrast, blockchain: think of it as a backend B2B middleware that sits behind the servers but across the consortium. So imagine a group of organizations and they're using blockchain between them as this central cog to facilitate collaboration between their servers. And so what's at the core of blockchain is something called a ledger. Think of it as a linear record of transactions chronologically. Each block in the blockchain is literally a chain of blocks; each block is like a mini blank canvas. There's a lot of flexibility in what data you can put on. The data is hashed so you get a hash code, which is the fingerprint of the data. And actually, the hash code in a given block is the hash of the data plus the previous hash code. So in this way, you protect the data integrity with the hash code but also since the hash codes are chained like, they depend on each other, you get this chain of blocks, and that's where the word blockchain comes from. And it turns out with blockchain because you're protecting the integrity with these chained hash codes, it can really do a good job of protecting the integrity of the data and makes it resilient to things like fraud where people purposely corrupt the data for personal gain or data gets corrupted by malicious hackers or other bad actors. But blockchain does a really good job of protecting the integrity of data with these chained hash codes.  

Blockchain is also decentralized in the sense that, think of the blockchain network as being made up of multiple blockchain nodes. Think of each blockchain node as sort of a server that is communicating with the other blockchain nodes via a blockchain protocol and a consensus protocol. And basically, when a new set of transactions comes along, it gets batched onto a block. And as it's put forward to a particular blockchain node to append to the blockchain, the consensus protocol between the blockchain nodes is what's used by the blockchain network to negotiate and ensure the validity and add those blockchain nodes to the shared ledger in a way that maintains the consistency and validity of the ledger.

So basically, what's in those transactions that are batched into those blocks is very flexible. It could be used for certain types of healthcare data. It could be used for financial data; it could be used for a lot of different kinds of data. It really depends on what the use case is, what the industry is, what the group of organizations is and where they're trying to add value by applying blockchain. And again, it's all-around data that's of mutual interest and mutually maintaining that data, sharing that data for mutual gain and to improve patient care to reduce healthcare costs and so forth in the case of healthcare, but obviously, blockchain goes way beyond healthcare. I just happened to be focused on healthcare

DAVID STARR: The way you described the chained hash codes really helped me visualize the immutability of the chain that makes every bit of sense the way you described it. So thanks for that. So with regard to Microsoft in the space of blockchain, I wonder if you could maybe take us on a tour of some of the things that Microsoft is doing in the blockchain space.

DAVID HOULDING: Yeah, absolutely. And there is a great resource, David, if we can include some links in the notes, the Microsoft Azure blockchain solutions resource; there's a link for that. It's really a great site which provides an overview of the Microsoft Azure blockchain portfolio of platforms and tools and reference architectures for various common use cases including supply chain and track and trace, so that's a common one in healthcare with drug supply chain and cold-chain for vaccines and so forth. But this resource also includes case studies and success stories across several industries. One of the interesting ones is Starbucks where Azure blockchain is used to empower smallholder farmers to track products from beta to barista. And that's another example of supply chain track and trace using blockchain. There are many more use cases across industries.  

Interestingly, the supply chain track and trace for healthcare often takes the form of the drug supply chain where you have medicines moving from pharmaceutical manufacturers through distributors to the dispensaries, to the pharmacies into the hands of the patients or caregivers. And being able to track and trace you can verify the authenticity of the medicine is not counterfeit and it's safe to consume. And then a side use case to that is what we call cold chain where it's not just the location, the change in location of the medicine as it moves through the supply chain that you're tracking, you're also tracking the environmental parameters like temperature. So if you have a perishable vaccine, like we're seeing for COVID-19 the Pfizer vaccine needs to be kept at very cold temperatures. And if it rises above that, it may become unsafe to consume. So the cold chain use case, what is getting tracked on the shared ledger inside the blockchain is the temperature readings at various points in the trajectory of that medicine from manufacturing to injection. That can really help with many things. In the U.S., we have the Drug Supply Chain Security Act (DSCSA) and that's a regulatory requirement for drug supply chain so satisfying regulatory compliance. Blockchain can be used for that but also rooting out counterfeit drugs that's a big plus, being able to verify the authenticity of drugs and safety to consume those drugs those medicines and again, that they've been kept inside safe temperature boundaries are great benefits of that particular use case. But yeah, the Microsoft Azure blockchain solutions resource again, is a great resource to look at and some good use cases and other ways to get started.

Now, that's sort of the initial high-level overview. Within that, you've got the Azure blockchain service which is in preview, and it's a starting point for blockchain very easily prototype apps and simplify your development with prebuilt networks and infrastructure. So if you're just getting started with blockchain on Azure, you can use the Azure Blockchain Service. There's the Azure Blockchain Workbench which is also in preview, and it's a foundation for building governing and deploying fully managed blockchain networks and apps at scale. There's the Azure Blockchain Development Kit, which is a comprehensive GitHub repository of developer blockchain content including code samples and accelerators. Of course, Microsoft's very active in the area of decentralized identity which is very closely related to blockchain. It uses blockchain and is a Microsoft decentralized identity resource. We can include the link for that too; that resource includes a lot of white papers, tools, and those really enable several different participants. Everyone, through decentralized identity, can own and control their digital identity and protect their privacy with secure user experiences. For organizations, they can engage with less risk using electronic claim verification and improving transparency and audibility. And decentralized identity for developers they can design user-centric apps and services and build true serverless apps that store data with users. So Microsoft participates in many different blockchain initiatives from decentralized identity standards and tools to consortiums across industries. I happen to be very close to health and life sciences. So I know of several consortia that Microsoft is involved in. We have different use cases like supply chain and cold chain and professional credentials exchange and many other use cases. There's actually a supply chain in track and trace for medical devices too. We want all blockchains to run well on Microsoft platforms. That's what's available from Microsoft currently in the area of blockchain but many more exciting announcements at the Microsoft Build conference later this year.  

DAVID STARR: I was going to ask you about that because you said that's what's available currently. [Laughs] So we're going to be looking forward to Build.  

DAVID HOULDING: Right. It's quite a lot. There's been some evolution in blockchain, and I think there's a general appreciation. In the early days, blockchain was asserted as a solution to many different problems. And of course, like many technologies, it ends up being part of the solution. Blockchain is no different. It's part of the solution, and there's a lot of other IT infrastructure around the blockchain that's needed in most use cases to make them successful.  

DAVID STARR: Thanks, David, that's a great trip around blockchain and Microsoft's involvement. So with that, I think we'll move on to our other guest and keep the show rolling.

DAVID HOULDING: Sounds great, David.  

DAVID STARR: I want to welcome Kohei Kurihara to the show. He is the co-founder of Privacy by Design Lab and has deep experience with blockchain and distributed ledger technologies. He's the president of the Tokyo Chapter of the Government Blockchain Association. Kohei, welcome to the show.  

KOHEI: Great to be on the show. Thank you, David.  

DAVID STARR: You bet. Glad to have you. So I wonder if we could start off by just having you talk a little bit about your history with blockchain and what your experiences have been.

KOHEI: Sure. I started working in the blockchain field in 2018. I was given some requests from the blockchain experts through LinkedIn. And my friend in San Francisco had started to work on a Bitcoin-related payment startup. It inspires me that this technology has great empowerment to the individual instead of using a centralized database. So this is the reason why I came to the blockchain field in particular the Government Blockchain Association I was assigned from 2018 as the President of the Tokyo Chapter. I started to lead the local community to organize some meetups, invited the public policymakers as well as some private companies, people who want to know about blockchain. This is a brief story of why I got into the blockchain field, and I'm very honored to be invited to some of the international conferences to speak about the potential of blockchain technologies to be integrated into future business models.  

DAVID STARR: That's a great background. Thank you very much for sharing that. And I've talked with a lot of folks about blockchain and while it's easy probably for you and for David to see the applicability of the technology, a lot of folks are still perceiving blockchain as a great technology looking for a problem to solve. However, you seem to have a passion for blockchain used in data privacy scenarios. So I wonder if you could tell us a little bit about that. How is blockchain used in data privacy?  

KOHEI: There are some people who’ve misunderstood that data privacy is just in concealment because some people try to use blockchain technology with the encryptions. This means is not disclose the information to the end parties. However, the very important thing in data protection is to save the human rights especially giving users the data portability, data rights to claim their data ownership. This is a little bit difference of consumers and data protections. So blockchain is decentralized technologies. They have their own advantage such as data on blockchain is tamper-proof. This is the great advantage compared to the centralized database. That's why the blockchain database is an improvement. But under the data protection regulations, we have to comply with the data subject which means if a user requests to the data controllers, they have to respond to their request such as data deletions, data rectifications, and this is a requirement. In this sense, the data controllers this means maybe the blockchain owners need to comply with these regulations. This is not compatible at this moment under the data protection regulations such as GDPR. And this is very controversial when blockchain technology interoperates with the other parties such as transferring the data from the EU to the U.S. They have a different granularity of privacy regulations. So that's why blockchain has a very big potential. However, it's not been complied with the current data protection regulations. So we have to make in discussions whether blockchain is a perfect solution under those new regulations and how we have to adjust the parts of the blockchain features through the progression of the new regulations. 

DAVID STARR: That's a great perspective. And David, I wonder if you could speak to how blockchain fits into the larger IT ecosystem.

DAVID HOULDING: Yeah, happy to. And so I think a blockchain is a network technology in the sense of it's not necessarily technology that would be used within one organization; it's a technology that's used within a consortium of organizations. So if you have a group of organizations, whatever the industry, blockchain can be one of the key IT elements that enable the sharing of data and collaboration across that consortium in near real-time. And so blockchain is one of the pieces of the big IT machine which includes the servers of all of those organizations in that consortium because those servers are being integrated with blockchain. I think of blockchain as this backend B2B middleware.  

DAVID STARR: Oh, that's interesting.

DAVID HOULDING: Yeah. Blockchain is often surrounded by other IT infrastructure, for example, you've got transactions which go on to the blocks in the blockchain, and oftentimes you want to batch transactions so you put multiple transactions on a given block, and often message queues are used for that. And on the tail end of the reading of the blockchain, very often you want to use a database, an index database for high-speed search and read. And so a database co-exists with blockchain, and you may have AI and machine learning and other kinds of analytics running on top of the blockchain. And so blockchain really is a technology that co-exists with other IT infrastructure. You know in the early days, blockchain was really asserted as a bit of a silver bullet, and it was going to solve everything and of course, it has some merits, but it's not a silver bullet. It's one piece of the IT infrastructure. And it's really important when you think about blockchain to think about how does it fit in? How does it integrate? And what is the business value add of blockchain to that consortium of organizations, and blockchain becomes this cog in the big machine, nothing special just one other cog in the machine. And the end goal is always to realize the business value that you seek.  

DAVID STARR: All right. Great. Thank you for that. It seems like certain industries are more interested in blockchain for their use cases than others. So, Kohei, I wonder what industries are you seeing take up blockchain today and maybe you could talk a little bit about what they're using it for.

KOHEI: Sure. I suggest through parts of the industry especially the privacy related to the blockchain is through industries. One thing is about healthcare. We are in COVID-19 at this moment. And a lot of companies are trying to solve their problems through these types of technologies. A great example is healthcare passport which has taken some credentials on the identity. But in the processes, we have to solve the problems of whether the blockchain is compatible with the vaccine-related credential at this moment because as I mentioned in the last question, blockchain needs to solve the same problems under the data protection regulations, so that's fine. The healthcare passport has been a great example of the blockchain, but we have to overcome the same issues. One use case started last year. This is one consortium between the Swiss security companies and French Opera house and the time is developing the consortium which is tamper-proof certificated. Through the QR code, the user can easy to publish the use in health passport on the blockchain. This is more trusted parties and this is easy to potable your credential to any other purposes. But this project is not solvable of all things under the GDPR. So this is an agreement. But however, I believe this kind of the consortium development works based on the blockchains. The American Airline also tries to compare the blockchain or centralized database which has been a better choice for the healthcare passport. And currently, their choice is to go to the centralized such as AI data transparencies. But in the near future, they might choose the blockchain. It's a better choice if this technology will prove even the data protection regulation is coming they can use it to explain this technology has been compatible.  

The second case is advertisement industries. At this moment, many tech platforms such as Google and Facebook are using the user data through their collecting the browsers or cookies and other identifiers. So this is one big problem because the advertisement's mechanism is black box. The user is not able to see why this advertisement is being displayed on their browsers. That's a big problem. If the blockchain is used for the transparency purpose, user can easily see why you've chosen this advertisement, which advertiser is sharing that information with you. So those kinds of ecosystems are a requirement in the future. One of my friends, he crossed to the IAV Europe, he made a trial to use blockchain technology for that but actually this moment is a little bit fast to deploy in the business scenes. When it comes to consider the ROI of the business, it needs to gain returns through developing new technologies. The blockchain is the same argument at this moment if we invest to the blockchain how we can make returns through these infrastructures. So this is not solvable for all the proof of concept. So in these stages, we have to compare to the investment and returns may be some of the industry will be fine in any great outcomes through that. But at this moment, we are exploring which industry could be the best to fit these technologies.  

DAVID STARR: And how about you, David? What kind of investments are you seeing in blockchain?  

DAVID HOULDING: I'll supplement that a little bit with my area of focus which happens to be healthcare. And obviously, for healthcare, we're in the middle of COVID-19 right now, and getting vaccines out is very important, and there's the supply chain for drugs or medicines. And being able to track medicines through the supply chain like vaccines but also therapeutics and any kind of medicines and not just track their location but track the environmental parameters around them, so what was the temperature at any point? And making sure the temperature of the vaccine remains within safe bounds and it can be safe to use at the endpoint and rooting out drug counterfeiting and satisfying compliance with regulations such as the Drug Supply Chain Security Act (DSCSA) in the U.S. Those can all be very good use cases also tracking medical devices through the supply chain to ensure that the quality and authenticity of medical devices, that's another use case. So a professional credentials exchange, think of doctors that have MDs nurses that have RNs, and many other credentials and the health provider organizations that they practice at being able to quickly determine are those legitimate? Have they been verified recently and validated? And really accelerate and reduce costs. Clearinghouse transactions between healthcare providers and payers and anti-fraud remains one of the very key use cases for blockchain. So the immutability of the blockchain and the decentralization of blockchain nodes and being under different organizational control makes blockchain particularly good at mitigating and mitigating fraud or use in anti-fraud use cases.  

But as it pertains to privacy, one of the ones that Microsoft is really active is decentralized identity and so all of us have so many identities all over the place. What decentralized identity is, is actually putting the identity and the control of the identity in the actual data subjects' hands. And so decentralized identity can leverage public blockchains and can enable some very interesting use cases from a privacy standpoint. In privacy, we have this principle of minimization. In other words, you should only share the minimum data that you have to for the business need. And so we've all had situations where we've had to prove that we're over18, and how is that done today? Well, you have to show us something that has your date of birth on it. Well, actually, that's more information that you should have to share. What decentralized identity actually enables is you to assert a claim like I'm over 18 and that to be verified without you actually having to share your date of birth and that really helps with privacy because you're implementing that principle of minimization.  

DAVID STARR: And now let's take a moment to hear a very important message.  


The Azure Marketplace and AppSource marketplace provide opportunities to sell your Office 365 or Azure-based solutions to customers in over 140 countries giving you a new distribution channel for your products. Selling your products in the marketplaces brings benefits in terms of partnerships and collaboration with Microsoft as well as go-to-market benefits to help you be successful. To learn more, visit the following URL,, and discover how to be successful selling through the commercial marketplaces while generating hundreds of new leads.

DAVID STARR: So Kohei, I wonder if you could help us understand the difference between public and private blockchains. David talked a little bit about the different types of consortiums. So what's the difference?  

KOHEI: Sure. Consortium is either closed or open, and the public chain is the open network. Anybody can join the networks such as Bitcoin is the representative of the public chain. Private chain is a little bit closed such as the IBM is working on some consortium. Of course, Microsoft is doing that. Recently, they joined some consortium network in Japan as well which is ultimately the difference of the private blockchain. The case for the private blockchain is just some use cases, such as under the GDPR some energy project is struggling to solve their problems because they are now just trading electric transactions through the device to devices. In these cases, they're trying to combine the consumer's identity to the consumers. In this sense, they have to make structures to comply with the GDPR. One of my European friends is trying to work on these parts, how we can integrate the identity to the blockchain transactions whether those identities need to be stored on the blockchain or they put just an identified database on the cloud servers. So this is the kind of the architectural issues. Not all the cases comply with the GDPR. So every case is case by case and what kind of data they want to use on the private blockchain this is very important, the argument that we have to commit at this moment.  

In the case for the public blockchain, except for Bitcoin, we are not working so well. Other alternative is to try to work on this space. However, for the business purpose, it’s not working so well because I had a talk with some of the business companies who want to use blockchain technology in their ecosystem but actually is not experimental. The public blockchain is a continuous read on the transactions so they are not able to stop the networks. So this is a very big problem. For the business side, they want to start small and they're making a trial whether this proof of concept works or not so this why the public chain is not working so well on the enterprise side at this moment. So we have to compare which is a territory which is the obstacles we can overcome through the differences.  

The Japanese regulation is not defined yet. I'm working on the privacy space. We will be starting the new regulation next year. However, this is very obscure which kind of information will be available to put in on the blockchain or not. And compared to the GDPR, it's very strict in Europe but Japanese regulation is not defined a lot because we are not making guidelines or any things until they launch new regulations. In the Asian Pacific, this is also the same thing. I think compared to the Western countries, the privacy regulation is now just starting out and it's not a great definition in each country. So we have to commit it which data needs to be protected under the regulations. And then not only for the local regulation but also once you transfer the data to the other countries such as the EU to Asia, EU to Japan, we have to be in comparisons which kind of the regulation could be pre exempted. So this is a very important discussion at this moment. Otherwise, we are not able to choose whether the public or private blockchain is to be fitting in each other. 

DAVID STARR: That's a great explanation. I appreciate you talking about the environment in the Asia Pacific right now and how regulatory compliance really isn't a thing but the adoption of blockchain is still there. It sounds like there's a better case to be made for public rather than private at the moment.  

DAVID HOULDING: Actually, I'm seeing something very different, David. In healthcare, one of the things we have to contend with is regulations like HIPAA and that requires only authorized access to healthcare data. So as a result, all use cases of blockchain in healthcare that I've seen are using private blockchain where the organizations in the consortium know exactly what other organizations have access to. They're all well-known, they're all highly trusted, and they all have a need-to-know. So any industry that has strong requirements to ensure confidentiality and only authorized access to data I'm seeing them gravitate to private blockchain.  

DAVID STARR: Would the act of transferring medical records, for example, be something that blockchain would be applicable to?

DAVID HOULDING: Good question. And one of the things I'm seeing is the types of data that go on the blockchain generally is minimum but sufficient for the use case. And in particular, any personally identifiable information tends to be left off of the blockchain, and there are very specific reasons for that. The blockchain exists outside of the internal firewall of the organizations in the consortium. So it has a different risk profile that's arguably at higher risk. And so you want to be minimal but sufficient; only the required data goes on the blockchain. And generally, things like medical records and personally identifiable information can be left off of the blockchain and in access control databases in the consortium. Now on the blockchain, you still have to have identifiers, but those identifiers don't have to be sensitive information like social security number and date of birth; they can be opaque, meaningless identifiers that are only relevant in that blockchain. And the way you resolve those to personally identifiable information is in the access control databases is what I'm seeing. So the short answer to your question is I don't see any use cases where medical records themselves go on the blockchain. And certainly, the use cases I've seen everybody is trying to keep personally identifiable information off of the blockchain and one of the reasons for that is GDPR by the way. Because if you do need to be forgotten, if you've put that personally identifiable information in the ledger of the blockchain, you cannot delete it; it's immutable. So you can mark it as deleted, but the original record remains. So that's further reason to leave that personally identifiable information in the databases, not on the blockchain. And if the patient needs to be forgotten or the data subject needs to be forgotten per GDPR or whatever data protection law, then what you do is delete that information and the access control databases linked from the blockchain and that essentially de-identifies the data on the blockchain and you can comply with the regulations that way.

DAVID STARR: That makes every bit of sense. Thank you. So Kohei, I wonder if you could tell us a little bit more about Privacy by Design Lab.  

KOHEI: Sure. We are developing a privacy culture in this moment because unless we are developing a privacy-protected technology ecosystem, we won't be able to use new technologies for the societies. David mentioned medical is one of the sensitive areas to use new technologies. So a lot of companies or developers need to align of the sensitive data regulation as well. So our approach is developing privacy programs for the enterprises or the individuals to imagine what is  privacy and what is the requirements to develop the new infrastructures based on the privacy protections. We try to take a quotation of the Privacy by Design concept which Dr. Ann Cavoukian has proposed in 2010 which is a very new innovation we believe. We are trying to focus on data governance for enterprises. When it's coming to using our data, they have to consider user privacy first.

Otherwise, they are a missing piece under the regulations or the user abusement. So our approach is to try to coordinate the places to work together with the policymakers or private companies, decision-makers who want to succeed in a privacy concept. We propose this in some of the workshops or lectures to educate the people who want to start working in this space. And then we try to foster some experts or professionals who try to spread this concept into the market. And then we try to work with the other entity such as the organization in other countries to collaborate it to work for the best practice, the privacy regulations. Because I mentioned internationally we have different granularities of the privacy regulations. For the next phase, we have to align or adjust to each level of the privacy regulations. So this will take a lot to support and facilitate what kind of  practice is the best fit for the enterprises or internal operations to keep more sustainable privacy-based data societies.

DAVID STARR: That sounds like a pretty big mission. [Chuckles]  

KOHEI: Yeah, absolutely. But we're excited about that.

DAVID STARR: That's great. So we're getting down to closing out our conversation here but before we go, I just want to mention that we will have links in the show notes for Kohei's social of course, and David's so that you can follow them and get some more of their wisdom after the show. Also, we will be including links to any of the Microsoft technologies that were mentioned with regard to blockchain. And finally, we'll link out to the Government Blockchain Association that Kohei is a member of in fact, President of the Tokyo Chapter. So I want to say thank you so much, Kohei, for coming on the show today. It's been an absolute honor.

KOHEI: Yeah, great. I appreciated having a great time with you. I'm happy to be getting any message, questions to me through social media. I'm very active on Twitter as well as LinkedIn. Happy to join the conversation with you through the platform.  

DAVID STARR: Perfect. And David, thank you so much for being here. It's always nice to have you on the show.  

DAVID HOULDING: Thanks, everyone.  

DAVID STARR: Thank you for joining us for this episode of the Azure for Executives podcast. We love hearing from you, and if you have suggestions for topics, questions about issues discussed on the show, or other feedback, contact the show host David Starr or Paul Maher through the social media links included in the show notes for each episode. We look forward to hearing from you.