Questions tagged [pii]

37 questions
1 vote, 0 answers

Choosing the right salt to pseudo-anonymize data and be GDPR compliant

In my company, numeric user IDs are considered PIIs and therefore need to be pseudo-anonymized to be GDPR compliant. To do so, we populate a lookup table where to each ID is assigned a monotonically decreasing gdpr_ID. Then when users are inactive…
Vektor88
1 vote, 0 answers

How to protect PII data from being sold or exposed by employees

For PII, we capture mostly emails, mobile and name of users who signup on our website. Along with this purchases made by users are also a sensitive data. Protecting this data for users privacy is as important as not letting any disgruntled employee…
1 vote, 0 answers

What would be the logical approach in breaking down the following scenario in regard to CISSP Domains?

I'm currently doing my Cyber Security Certification program, I along with my fellow classmates are in Beginner stages. Over the past few weeks we have been writing up variety of Discussions using Domains 1 to 5, for this Week we are given a scenario…
1 vote, 3 answers

Is an email domain name considered PII?

For example, can you reference a customer by their domain in an email? Each customer in a system can be associated with a domain, and some domains are associated with a single customer.
G SB
1 vote, 0 answers

How have you secured production data (PII) on non-prod environments?

Data protection laws including GDPR state: “Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.” GDPR stipulates data…
Architect
1 vote, 5 answers

Username in browser history (url) - is this a security problem?

We have a client complaining that there is PII in the browser history (as in the persistent history you get to through your browser's menu - Ctrl + H in Chrome). For example, the URL for editing a user is something like:…
1 vote, 1 answer

Why should relatively-public personal identifying information be kept secret online if at all?

I don't want to get hung up on technical terms, just laying out basics for this question: I understand personal identifying information (PII) as that info which is not apparent to people who cross paths with you day to day and which could be used to…
cr0
1 vote, 1 answer

How we can PoC our product that needs training data for our machine learning algorithm of the bank clients?

Recently, we have had a challenge with potential future clients which are the bank. Our product requires to gather static data (e.g. address, loans, last 50 transactions, etc) of banks clients. These banks do their PoC in the public cloud, the banks…
Filipon
1 vote, 1 answer

Can you tell me if my design is secure?

I'm designing a database interface for a system that could store PII. My first focus is on making sure all the data is secure, to do this I have designed the system as follows. I'm running three separate servers with three separate roles. Server 1,…
Will
1 vote, 0 answers

Do S3/Azure/GCS bucket names/keys represent personally identifiable information

We have an event-sourced system that uses a forward-only immutable event store. If we store personally identifiable information in this store, we'll be in trouble with regards to GDPR, as deletion of events is not an option. We have assessed the…
spender
0 votes, 2 answers

Secure data (+ private key) storage in an insecure public cloud environment

We are trying to encrypt files in a manner that they can be completely secure in an insecure environment (like a public cloud). We're talking about military grade secure. The data should be so secure in the public cloud, that the employees cannot…
Munchkin
0 votes, 0 answers

Personally identifiable information not behind account credentials

This is the first time I've posted to this site, so if this question belongs somewhere else please let me know. I recently was using an online service which I will not name, and I realized that there were some pages on the site containing a lot of…
j_v_wow_d
0 votes, 0 answers

What metadata could be stored in the IPFS network and what could be collected by modified nodes?

I'm guessing uploading to IPFS also uploads some metadata, which gets shared as well, does this assumption hold any truth? According to this only content identifiers and node identifiers are in the public. Does uploading a file leak any of your…
Sir Muffington
0 votes, 1 answer

Which is the preferred way of encrypting Personal Identifiable Information?

What is the preferred way to implement personal information encryption / decryption? After some reading, the main options appear to be: Encrypt/Decrypt it at the database level Encrypt/Decrypt it at the backend level Encrypt/Decrypt it at the…
0 votes, 4 answers

How to protect email addresses in a customer database when you and other third parties must be able to send emails?

I am wondering what methods are used by big companies to protect customer email addresses in their databases. They usually have salespeople all over the world and multiple third-parties (Salesforce, transactional emails, etc.) also need to access…