You are reading a single comment by @hippy and its replies. Click here to read the full conversation.
  • What do you mean 'only store collections of identifiers'? Where is the actual data then? It needs to be linked up for use, which would mean it could be linked by someone compromising the database while at rest, no?

    Under GDPR, if I were selling you something, I might have a shopping cart that said:

    profileID: 47714
    items: 1 x clydesdale wheelset

    Nothing in there is personally identifiable, so it needs less protection.

    But somewhere, there would be a system that could take profileID and translate that into "hippy".

    That system/service, that does the translating is the one that would be audited, alerted, protected, secure.

    And then you may imagine that actually a billing system starts to look ridiculous as it's just a collection of identifiers. Something like:

    profileID: 47714
    addressID: 98756
    emailID: 98436
    paymentMethodID: 54217

    A system like that is fine under GDPR, and can be compromised. It tells you nothing.

    The difference ultimately is the answer to the question, "Where are the fortress boundaries?".

    In older systems, the fortress boundary was the network perimeter. Once compromised, everything was accessible.

    In new systems, the fortress boundary will be a specific single-purpose datastore/service, and compromising a network perimeter gets you nothing at all. You'd need to compromise every internal fortress too.

About

Avatar for hippy @hippy started