Skip site navigation (1) Skip section navigation (2)

Re: HIPAA

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: HIPAA
Date: 2004-03-09 11:41:11
Message-ID: 20040309114111.GA26751@phlogiston.dyndns.org (view raw or flat)
Thread:
Lists: pgsql-admin
On Mon, Mar 08, 2004 at 05:25:34PM -0500, Gorshkov wrote:
> it never ceases to amaze me at how consistantly people underestimate the 
> information that can be taken from a datum - especially when aggrigated with 
> data from other sources.

This is actually part of the argument for why you just shouldn't
store or ask for a lot of stuff in the first place.  Of course it's
true that the little bit of data that you have can be aggregated with
the little bit of data someone else has in case a dedicated attacker
is trying to build up a full data set.  But given that there are
these data, nobody is actually going to be able to prevent such an
attacker anyway.  All you can do is limit your own liability in
exposing data; and that means collecting as little (not as much) as
you can, and then further attempting to protect the data you actually
do collect.

A

-- 
Andrew Sullivan  | ajs(at)crankycanuck(dot)ca
This work was visionary and imaginative, and goes to show that visionary
and imaginative work need not end up well. 
		--Dennis Ritchie

In response to

  • Re: HIPAA at 2004-03-08 22:25:34 from Gorshkov

pgsql-admin by date

Next:From: Yauger, Joshua (Contractor)Date: 2004-03-09 13:32:49
Subject: Cygwin - Cygnus for Windows - Linux based ported to Windows
Previous:From: Silvana Di MartinoDate: 2004-03-09 11:20:59
Subject: Re: pgcrypto and database encryption

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group