The new standard, with GDPR in mind, is to isolate all information from each other, allocate each an identifier, only store collections of identifiers, and then use systems of record to resolve them, bringing the information together at a time when you need to (whilst auditing access to each system of record, alerting on abnormal access patterns, etc.).
GDPR is pretty interesting; read about it here: https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/
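
The layout described in the post above, as an added example (not the poster's code): each category of data sits in its own system of record behind a random identifier, the application keeps only identifiers, and every resolve is audited and checked for bursts. The class and function names, the sample data and the reads-per-window threshold are assumptions made for illustration.

```python
import secrets
from collections import defaultdict, deque


class SystemOfRecord:
    """Holds one category of data, keyed by an opaque random identifier."""

    def __init__(self, name, max_reads=3, window_s=60):
        self.name = name
        self._data = {}
        self.audit_log = []                  # every resolve: (time, actor, id, purpose)
        self.alerts = []                     # (time, actor, reads inside the window)
        self._recent = defaultdict(deque)    # actor -> timestamps of recent reads
        self.max_reads, self.window_s = max_reads, window_s

    def store(self, value):
        ident = secrets.token_hex(16)        # random, so it reveals nothing about value
        self._data[ident] = value
        return ident

    def resolve(self, ident, actor, purpose, now):
        """Return the value for ident, auditing the read and flagging bursts."""
        self.audit_log.append((now, actor, ident, purpose))
        recent = self._recent[actor]
        recent.append(now)
        while now - recent[0] > self.window_s:   # drop reads older than the window
            recent.popleft()
        if len(recent) > self.max_reads:         # detection only: the read still succeeds
            self.alerts.append((now, actor, len(recent)))
        return self._data[ident]


def run_demo():
    names = SystemOfRecord("names")
    accounts = SystemOfRecord("account_numbers")
    # Constructed sample data; the application row holds identifiers only.
    customers = [{"name_id": names.store(n), "account_id": accounts.store(a)}
                 for n, a in [("Alice Example", "00012345"), ("Bob Example", "00067890"),
                              ("Carol Example", "00024680"), ("Dan Example", "00013579")]]
    # Normal use: one lookup for a stated purpose, resolved only when needed.
    first = accounts.resolve(customers[0]["account_id"], "support-agent", "refund", now=0)
    # Abnormal use: one actor walks every record within a few seconds.
    for t, row in enumerate(customers, start=100):
        accounts.resolve(row["account_id"], "export-script", "unspecified", now=t)
    return customers, names, accounts, first
```

Timestamps are passed in explicitly so the burst check is reproducible; a real deployment would take them from the clock and ship `audit_log` and `alerts` to storage the application itself cannot rewrite.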
In terms of "published", what if it's stored and not published? What are 'reasonable means' required to protect an account number? Will a password-protected login do, or does the ICO require this data to be encrypted? Do these requirements change if the account details are linked to an individual?