[thelist] Sensitve information on the web

Martin Burns martin at easyweb.co.uk
Sat Nov 6 05:23:29 CDT 2010

On 5 Nov 2010, at 18:44, Alex Beston wrote:

>> If it's actual *sensitive* personal information
>> (UK legal definition: http://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx )
>> you really should be encrypting *before* putting it in the db, even if the db has good access controls on it.
>> Score double if your db is on a different box to the webserver - you need to encrypt before it leaves the webserver box.
> +1 to the above, if its info *about* someone else you need to show
> that you are registered as a data controller.

Yes - that's a UK legal requirement (and very similar throughout the EU as EU data protection legislation is fairly harmonised). Applies even if you're just using EU-based kit.

Also be wary if you're storing personal information about EU citizens on servers outwith the EU.


> Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter
> http://dspam.nuclearelephant.com/

More information about the thelist mailing list