On Wed, Nov 18, 2015 at 3:49 PM, John McKown <john.archie.mckown@xxxxxxxxx> wrote: > Not necessarily. Think PHI or HIPAA information which was "erased" because > you lost a customer. Or just something as "simple" as a name, address, and > credit card number for someone. It's still important and useful to thieves > if it is "erase". I can see a smaller company using PG for accounting and > billing information. But it really should be encrypted. I often wonder how > many "small" businesses actually do that. I a truly ignorant on that point. > > That's not even getting into government information that might be of > interest to others such as the FSB or even Wikileaks (regardless of one's > opinion them). Of course, I don't really know if any government or other > "high security" industry is actually using PG for secure information. It's quite a stretch to assume that HIPAA applies to internal garbage collection minutia. If you believe that, then you'd have apply it to the filesystem physical media as well, including swap. Meaning, each time you delete a customer record, you'd have to back up and restore the database after zeroing out the file system. So, basically, uh, no. A much better way to look at compliance is to encrypt all sensitive details and, when the customer relationship is gone, delete the key. This puts the responsibility for information security (if taken to that extreme) back into the application which is where it belongs. merlin -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general