[thelist] Sensitive information on the web

Alex Beston alex.beston at gmail.com
Fri Nov 5 13:44:19 CDT 2010

> If it's actual *sensitive* personal information
> (UK legal definition: http://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx )
> you really should be encrypting *before* putting it in the db, even if the db has good access controls on it.
> Score double if your db is on a different box to the webserver - you need to encrypt before it leaves the webserver box.

+1 to the above, if it's info *about* someone else you need to show
that you are registered as a data controller. Think it's a small figure
per yr, worth doing if that's what the OP is about

rgds, Alex
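
The quoted advice (encrypt on the webserver box, before the value reaches the db), as an added example that is not part of the original posts. It assumes Node.js and AES-256-GCM; the table and column names, the sample value and the in-memory Map standing in for the db box are all constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed demo key. Assumption: in a real deployment it is loaded from a
// secret store on the web server and never stored alongside the data.
const KEY = nodeCrypto.randomBytes(32);

// Encrypt one field on the web server. The AAD binds the ciphertext to its
// table, column and row id, so a value copied to another row fails to decrypt.
function sealField(key, table, column, rowId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${table}.${column}:${rowId}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored form: nonce || tag || ciphertext, base64 so it fits a text column.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt and authenticate one field; throws if the value, key or AAD differ.
function openField(key, table, column, rowId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('stored value too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${table}.${column}:${rowId}`, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Stand-in for the db on a different box: it only ever receives sealed values.
const db = new Map();
function saveRecord(rowId, healthNote) {
  db.set(rowId, { health_note: sealField(KEY, 'person', 'health_note', rowId, healthNote) });
}
function loadRecord(rowId) {
  return openField(KEY, 'person', 'health_note', rowId, db.get(rowId).health_note);
}

// Returns true when the given operation throws (decryption refused).
function rejects(fn) {
  try { fn(); return false; } catch (e) { return true; }
}
```

Anyone who reads the db, its backups or the link between the two boxes sees only the base64 value; the key stays on the webserver.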


