Re: Database Encryption (now required by law in Italy)

From: Silvana Di Martino <silvanadimartino(at)tin(dot)it>
To: Radu-Adrian Popescu <radu(dot)popescu(at)aldratech(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Database Encryption (now required by law in Italy)
Date: 2004-03-05 12:52:05
Message-ID: 200403051245.10681.silvanadimartino@tin.it
Lists: pgsql-admin
At 09:10, Friday 5 March 2004, Radu-Adrian Popescu wrote:
> Are you sure you need to encrypt the _database_? It seems strange to
> require encryption of all the data, as you would get using LoopAES. I think
> you only need to decide (and probably the privacy protection law stipulates
> this) what data you need to encrypt and store that data encrypted in the
> database; such as customers' names, addresses, social data, payment data
> and so on. On the other hand, I think you should be doing this anyway.
> I know we are :-)

Deciding which data are relevant is not easy. The law stipulates that all of 
the "personal data" have to be encrypted and that "personal data" are the 
data that allow a "spy" to infer any of the following information about a 
person:
- identity
- age
- health status
- political orientation
- religious faith
- address
- phone number
- email address
- and a few more...
As you can see, almost everything is "personal data". At least, almost 
everything worth storing in a database is.

We just think it is easier and safer to encrypt the whole database, or even 
the whole disk, than to try to understand what the law actually means.

At the moment, our data are on a server protected by a firewall and accessible 
just by authorized people. This was clearly declared as being "sufficient" by 
the Italian law until December 2003. The new law, instead, clearly states 
that personal data have to be encrypted even when stored in a safe place like 
that.

See you
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni(at)interfree(dot)it
silvanadimartino(at)tin(dot)it
