Hacker News new | past | comments | ask | show | jobs | submit login

> Personal data that is not required for transactional use should be either encrypted, pseudonymized or anonymized.

Sorry, just to nitpick, creating anonymized data isn't that easy, and I'm worried something like that would get miss-used like some password breaches (the passwords were encrypted with md5, they're still secure). I can store all this customer data without consideration, because a company thinks they've anonymized something that isn't actually anonymized.

Here's a blog post I made on the topic: https://gravitational.com/blog/hashing-for-anonymization/

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact