fmstrat@lemmy.nowsci.com to Technology@lemmy.world · English · 3 months ago
2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed (www.tomsguide.com)

BrianTheeBiscuiteer@lemmy.world · 3 months ago
PII data at rest (i.e. in a database) must be encrypted.

fmstrat@lemmy.nowsci.com (OP) · 3 months ago
If the DB is running, it’s not at rest. Client-side encrypted data would be the way.

BrianTheeBiscuiteer@lemmy.world · 3 months ago
I think my definition is pretty standard: https://en.m.wikipedia.org/wiki/Data_at_rest

fmstrat@lemmy.nowsci.com (OP) · 3 months ago
The catch is interpretation, which the wiki points out:
> “Inactive data” could be taken to mean data which may change, but infrequently.
Any company like this one would consider this data “in use” but “inactive” because any person could need a loan at any point.