| From: | Andrew Sullivan <ajs(at)crankycanuck(dot)ca> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: HIPAA |
| Date: | 2004-03-09 11:41:11 |
| Message-ID: | 20040309114111.GA26751@phlogiston.dyndns.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Mon, Mar 08, 2004 at 05:25:34PM -0500, Gorshkov wrote:
> it never ceases to amaze me at how consistantly people underestimate the
> information that can be taken from a datum - especially when aggrigated with
> data from other sources.
This is actually part of the argument for why you just shouldn't
store or ask for a lot of stuff in the first place. Of course it's
true that the little bit of data that you have can be aggregated with
the little bit of data someone else has in case a dedicated attacker
is trying to build up a full data set. But given that there are
these data, nobody is actually going to be able to prevent such an
attacker anyway. All you can do is limit your own liability in
exposing data; and that means collecting as little (not as much) as
you can, and then further attempting to protect the data you actually
do collect.
A
--
Andrew Sullivan | ajs(at)crankycanuck(dot)ca
This work was visionary and imaginative, and goes to show that visionary
and imaginative work need not end up well.
--Dennis Ritchie
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yauger, Joshua (Contractor) | 2004-03-09 13:32:49 | Cygwin - Cygnus for Windows - Linux based ported to Windows |
| Previous Message | Silvana Di Martino | 2004-03-09 11:20:59 | Re: pgcrypto and database encryption |