Search Postgresql Archives

Re: [SPAM] Re: Key encryption and relational integrity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Il 01/04/2019 20:48, Rory Campbell-Lange ha scritto:

On 01/04/19, Moreno Andreo (moreno.andreo@xxxxxxxxxx) wrote:
...

I'm not forced to use pseudonimysation if there's the risk to get
things worse in a system. I've got to speak about these"two opposing
forces at work" to a privacy expert (maybe choosing another one, as
Peter suggested :-) ) and ask him if it could be used as a matter of
declining pseudonymisation because of "pseudonimysation puts at risk
overall performance or database integrity"

How to interpret the pseudonymisation conditions is ... complicated.

Yes, it is indeed... :-)

  The
UK's Information Commissioner's Office (ICO) writes that
pseudoanonymisation relates to:

     “…the processing of personal data in such a manner that the personal
     data can no longer be attributed to a specific data subject without
     the use of additional information, provided that such additional
     information is kept separately and is subject to technical and
     organisational measures to ensure that the personal data are not
     attributed to an identified or identifiable natural person.”

and that this "...can reduce the risks to the data subjects".

The concept of application realms may be relevant to consider here. An
application may be considered GDPR compliant without pseudonymisation if
other measures are taken and the use case is appropriate.
That could be my case, so I'll have to discuss the strategy and measures to be adopted with a privacy consultant. 

On the other hand, a copy of a production database in testing which has
been pseudonymised may, if compromised, still leak personal data. As the
ICO states:

     “…Personal data which have undergone pseudonymisation, which could
     be attributed to a natural person by the use of additional
     information should be considered to be information on an
     identifiable natural person…”

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/

If leakage occurs pseudonymisation has achieved nothing.


That's another aspect of the question.

Thanks for the clarification,

Moreno.-
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux