Re: Database Encryption (now required by law in Italy) - Mailing list pgsql-admin

From Dave Ewart
Subject Re: Database Encryption (now required by law in Italy)
Date
Msg-id 20040305095156.GC13042@nemesis.ox.icnet.uk
In response to Re: Database Encryption (now required by law in Italy)  (<lnd@hnit.is>)
Responses Re: Database Encryption (now required by law in Italy)
List pgsql-admin
On Friday, 05.03.2004 at 09:21 +0000, lnd@hnit.is wrote:

> Is it enough to encrypt some table fields only, i.e. "personal data"
> personal (social security) number, name-surname and birth data - if one
> cannot easily tell whom the data (e.g. bank account) belongs to then
> it may be quite enough?
>
> Just because "personal" data is quite a loose term: it can be all or
> nearly nothing.

I realise the original poster is from Italy, but in the UK there is a
Data Protection Act which defines personal data.

It says that personal data means "data that relate to a living
individual who can be identified from those data or from those data and
other information in the possession of, or likely to come into the
possession of, the data controller".  This seems like a good definition
to me, although we extend it to also apply to people who have died.

There is an extension which states that "sensitive" personal data is a
subset of personal data where the data is one of several categories,
such as "physical or mental health" (this is the most appropriate one for
us, doing medical research).

I guess there may be similar legislation in Italy and elsewhere.

Suggestions:

1. You need to decide which fields in the database should be encrypted.

2. Perhaps keep all 'personal' data in a separate table and control
access to that table more closely with database permissions.
Optionally, encrypt the contents of that table too.

3. Use a loopback-encrypted filesystem.

Dave.
--
Dave Ewart
Dave.Ewart@cancer.org.uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
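
Suggestions 1 and 2 above, sketched for PostgreSQL as an added example that is not part of Dave Ewart's message. It assumes the pgcrypto extension is available; the table, column and role names, the app.pii_key setting and the sample values are all hypothetical.

```sql
-- Added illustration; every name and value below is constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE ROLE researcher NOLOGIN;      -- works with pseudonymous records only
CREATE ROLE data_custodian NOLOGIN;  -- may read and maintain identities

-- Identifying fields live in their own table, keyed by an opaque id.
CREATE TABLE person_identity (
    person_id   bigint PRIMARY KEY,
    national_id bytea NOT NULL,   -- pgp_sym_encrypt() output
    full_name   bytea NOT NULL,
    birth_date  bytea NOT NULL
);

-- Everything else refers to the person only through person_id.
CREATE TABLE study_record (
    record_id bigint PRIMARY KEY,
    person_id bigint NOT NULL REFERENCES person_identity (person_id),
    diagnosis text,
    recorded  date NOT NULL
);

-- Closer control of the identity table through database permissions.
REVOKE ALL ON person_identity, study_record FROM PUBLIC;
GRANT SELECT, INSERT ON study_record TO researcher;
GRANT SELECT, INSERT, UPDATE ON person_identity TO data_custodian;

-- Optional field encryption. The passphrase comes from the application for
-- the session and is not stored in the database. With statement logging
-- enabled, this SET would be written to the server log.
SET app.pii_key = 'constructed-sample-passphrase';

INSERT INTO person_identity (person_id, national_id, full_name, birth_date)
VALUES (1,
        pgp_sym_encrypt('XX-000000', current_setting('app.pii_key')),
        pgp_sym_encrypt('Sample Person', current_setting('app.pii_key')),
        pgp_sym_encrypt('1970-01-01', current_setting('app.pii_key')));

INSERT INTO study_record (record_id, person_id, diagnosis, recorded)
VALUES (100, 1, 'sample diagnosis', DATE '2004-03-05');

-- A custodian holding the passphrase recovers the clear text; a role that
-- can read the table without the passphrase sees only bytea ciphertext.
SELECT r.record_id,
       pgp_sym_decrypt(p.full_name, current_setting('app.pii_key')) AS full_name
FROM study_record r
JOIN person_identity p USING (person_id);
```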

