As a best practice, Kaleido strongly discourages the storage of any personally identifiable information (PII) on the blockchain. This extends not only to plaintext data, but also to payloads that have been encrypted or passed through a secure hashing algorithm. The rationale behind this recommendation is derived from the indelible nature of blockchain. Anything written to the ledger maintains a historical footprint, and thus creates considerable challenges around data removal and legal compliance.
For scenarios where PII absolutely must be written to the chain, organizations should confer with their in-house counsel about potential future security ramifications, and with their risk officer(s) and IT admins about proper data obfuscation techniques. Regardless of any due diligence exercised, Kaleido unequivocally advises against appending PII to the blockchain.
What is PII and Personal Data?
NOTE: The following resources are solely for convenience and should be treated as such. Your legal department is responsible for precisely defining the boundaries of PII and ultimately ensuring the necessary levels of compliance (e.g. PII for GDPR).