Re: Database Encryption (now required by law in Italy)

From: Dave Ewart <Dave(dot)Ewart(at)cancer(dot)org(dot)uk>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Database Encryption (now required by law in Italy)
Date: 2004-03-05 12:12:54
Message-ID: 20040305121254.GK13042@nemesis.ox.icnet.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Friday, 05.03.2004 at 12:52 +0000, Silvana Di Martino wrote:

> Deciding which data are relevant is not easy. The law stipulates that all of
> the "personal data" have to be encrypted and that "personal data" are the
> data that allow a "spy" to infer any of the following information about a
> person:
> - identity
> - age
> - health status
> - political orientation
> - religious faith
> - address
> - phone number
> - email address
> - and a few more...

Interesting - of course some of the above, such as age, political
orientation and religious faith are NOT personal data if the other
identifying information is absent (e.g. you know that someone aged 35 is
a Communist and a Christian - not terribly helpful on its own).

The exception to that rule is where there are very few people having the
characteristics in question.

But as you say, encrypting 'the whole database' in some way is probably
safest ...

If you find any 'automated' front-end to do this at the database-level,
rather than something like loopback at the filesystem level or at the
field level for specific fields, I think there would be a lot of
interest.

Dave.
--
Dave Ewart
Dave(dot)Ewart(at)cancer(dot)org(dot)uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Silvana Di Martino 2004-03-05 12:51:54 Re: Database Encryption (now required by law in Italy)
Previous Message Dave Ewart 2004-03-05 12:08:02 Re: Database Encryption (now required by law in Italy)