Re: Key encryption and relational integrity

On 3/28/19 7:29 AM, Moreno Andreo wrote:
> Il 27/03/2019 07:42, Tony Shelver ha scritto:
>> Not in Europe, but have worked a bit with medical records systems in 
>> the USA, including sharing across providers.

>> The only other way to do it would be to store the encrypted key value 
>> in both user.id <http://user.id> and medications.user_id.  That would 
>> encrypt the data and maintain relational integrity.
> Hmmm... if user.id and medications.user_id are the same, I can link user 
> with medication... and GDPR rule does not apply..... or am I missing 
> something?

Yes the link means that someone could use the medications.user_id to 
fetch the rest of the user information from the user table. Unless you 
encrypted that information also, which I gather you do not want to do 
for performance reasons.


-- 
Adrian Klaver
adrian.klaver@aklaver.com