[thelist] Sensitive information on the web
Martin Burns
martin at easyweb.co.uk
Sat Nov 6 05:23:29 CDT 2010
On 5 Nov 2010, at 18:44, Alex Beston wrote:
>> If it's actual *sensitive* personal information
>> (UK legal definition: http://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx )
>> you really should be encrypting *before* putting it in the db, even if the db has good access controls on it.
>>
>> Score double if your db is on a different box to the webserver - you need to encrypt before it leaves the webserver box.
>
> +1 to the above, if it's info *about* someone else you need to show
> that you are registered as a data controller.
Yes - that's a UK legal requirement (and very similar throughout the EU as EU data protection legislation is fairly harmonised). Applies even if you're just using EU-based kit.
Also be wary if you're storing personal information about EU citizens on servers outwith the EU.
Cheers
Martin
--
> Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter
> http://dspam.nuclearelephant.com/