Re: [SPAM] Re: Key encryption and relational integrity
| From | Moreno Andreo |
|---|---|
| Subject | Re: [SPAM] Re: Key encryption and relational integrity |
| Date | |
| Msg-id | 114d039f-9bb6-ae57-dc4d-97e0c926f849@evolu-s.it |
| In reply to | Re: Key encryption and relational integrity (Rory Campbell-Lange <rory@campbell-lange.net>) |
| List | pgsql-general |

On 01/04/2019 20:48, Rory Campbell-Lange wrote:
> On 01/04/19, Moreno Andreo (moreno.andreo@evolu-s.it) wrote:
> ...
>> I'm not forced to use pseudonymisation if there's the risk to get
>> things worse in a system. I've got to speak about these "two opposing
>> forces at work" to a privacy expert (maybe choosing another one, as
>> Peter suggested :-) ) and ask him if it could be used as a matter of
>> declining pseudonymisation because of "pseudonymisation puts at risk
>> overall performance or database integrity"
> How to interpret the pseudonymisation conditions is ... complicated.

Yes, it is indeed... :-)

> The
> UK's Information Commissioner's Office (ICO) writes that
> pseudoanonymisation relates to:
>
> “…the processing of personal data in such a manner that the personal
> data can no longer be attributed to a specific data subject without
> the use of additional information, provided that such additional
> information is kept separately and is subject to technical and
> organisational measures to ensure that the personal data are not
> attributed to an identified or identifiable natural person.”
>
> and that this "...can reduce the risks to the data subjects".
>
> The concept of application realms may be relevant to consider here. An
> application may be considered GDPR compliant without pseudonymisation if
> other measures are taken and the use case is appropriate.

That could be my case, so I'll have to discuss the strategy and measures to be adopted with a privacy consultant.

>
> On the other hand, a copy of a production database in testing which has
> been pseudonymised may, if compromised, still leak personal data. As the
> ICO states:
>
> “…Personal data which have undergone pseudonymisation, which could
> be attributed to a natural person by the use of additional
> information should be considered to be information on an
> identifiable natural person…”
>
> https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/
>
> If leakage occurs pseudonymisation has achieved nothing.

That's another aspect of the question.

Thanks for the clarification,

Moreno.-