Is there any guidance on whether you should store sensitive personal information, such as Personally Identifiable Information on Canton as an organisation that’s trusted with such information ?
If not, what are the reasons that’s not recommended ?
The same rules for the handling of PII apply on Canton as on any other software system. Data access and privacy are a core feature of Daml and Canton that make it possible to comply with most of the regulation around PII.
The area that most blockchain systems struggle with is the right to forget. Canton does not have this problems thanks to its participant and ledger pruning features. Note that ledger pruning is not available on the Besu and Fabric sequencer integrations, though, since those systems themselves don’t have suitable mechanisms for data deletion.