Re: HIPAA - Mailing list pgsql-admin

From Andrew Sullivan
Subject Re: HIPAA
Date
Msg-id 20040309114111.GA26751@phlogiston.dyndns.org
Whole thread Raw
In response to Re: HIPAA  (Gorshkov <listsubscriptions@oghma.on.ca>)
List pgsql-admin
On Mon, Mar 08, 2004 at 05:25:34PM -0500, Gorshkov wrote:
> it never ceases to amaze me at how consistantly people underestimate the
> information that can be taken from a datum - especially when aggrigated with
> data from other sources.

This is actually part of the argument for why you just shouldn't
store or ask for a lot of stuff in the first place.  Of course it's
true that the little bit of data that you have can be aggregated with
the little bit of data someone else has in case a dedicated attacker
is trying to build up a full data set.  But given that there are
these data, nobody is actually going to be able to prevent such an
attacker anyway.  All you can do is limit your own liability in
exposing data; and that means collecting as little (not as much) as
you can, and then further attempting to protect the data you actually
do collect.

A

--
Andrew Sullivan  | ajs@crankycanuck.ca
This work was visionary and imaginative, and goes to show that visionary
and imaginative work need not end up well.
        --Dennis Ritchie

pgsql-admin by date:

Previous
From: Silvana Di Martino
Date:
Subject: Re: pgcrypto and database encryption
Next
From: Jeff Boes
Date:
Subject: Transaction logs gone, how to restart?