GDPR: encryption at-rest instead of data lookup tables


Question

Encryption at-rest is storing data inside your storage/database in encrypted format. During processing you need to decrypt the data every time, calculate something and then encrypt everything back (encryption is managed by the storage).

Does encryption at-rest resolve the "right to be forgotten" issue? When can't you go with encryption at-rest, and when should you choose data lookup tables and pseudo-anonymization instead?

Unlike data lookup tables, encryption at-rest is much easier to implement. It can affect your performance though, and maybe billing.

AFAIK due to GDPR, you shouldn't stop processing or remove anonymized data. On the other hand, ETL jobs must have permissions to decrypt data. This means everyone who has privileges to run a job (i.e. developer, data scientist or QA) will still be able to decrypt (de-anonymize) the data with the encryption key.

Answer

If encryption is occurring at the storage layer then it does not help with the right to be forgotten. If you want to use encryption to solve the right to be forgotten challenge, then I would suggest using a unique encryption key per data subject. If a data subject needs to be forgotten, you can then delete your copy of the encryption key and you have effectively "crypto-shredded" all the data that is protected by that key. For this to work best you would need to carefully design your architecture (e.g. can you keep the key separate from the data, so that it isn't backed up, and find another way to ensure availability of current keys in a DR scenario, etc.).

A data lookup table is the equivalent of a tokenization service, where you're replacing a data subject's name or other details with a token. By deleting (or altering) the token in the data lookup table you have removed the ability to resolve the token back to the actual data subject. This would provide a lesser degree of assurance as to the level of "forgotten-ness" that had been achieved, as you might still be able to identify a data subject indirectly through other information about them. Have a look at https://en.wikipedia.org/wiki/K-anonymity to understand this concept in-depth.
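The two designs the answer contrasts, written out as an added example (this is not code from the question or the answerer). It assumes Go's standard-library AES-GCM, a per-subject key store that is kept apart from the record store, and a constructed sample record; the identifiers `KeyStore`, `TokenTable`, `subject-42` and the sample name are invented for the demonstration. Deleting a subject's key leaves the ciphertext in place but makes it unrecoverable (crypto-shredding); deleting a token only breaks the lookup, and whatever else the record carries is untouched.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrForgotten is returned when a record's subject key no longer exists:
// the ciphertext is still in the data store but is now unrecoverable.
var ErrForgotten = errors.New("subject key deleted: record is crypto-shredded")

// KeyStore holds one AES-256 key per data subject. In a real deployment this
// would live in a KMS/HSM, separate from the data store and its backups
// (assumption for this example: an in-memory map).
type KeyStore struct{ keys map[string][]byte }

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// keyFor returns the subject's key, generating one on first use.
func (ks *KeyStore) keyFor(subject string) ([]byte, error) {
	if k, ok := ks.keys[subject]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	ks.keys[subject] = k
	return k, nil
}

// Forget crypto-shreds: once the key is gone, every record sealed under it
// is permanently undecryptable, even though the data store still holds it.
func (ks *KeyStore) Forget(subject string) { delete(ks.keys, subject) }

// Record is all the data store keeps: subject id (for key lookup), nonce, ciphertext.
type Record struct {
	Subject    string
	Nonce      []byte
	Ciphertext []byte
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the subject's key. The subject id is bound as
// associated data, so a record cannot be re-attributed to a different subject.
func Encrypt(ks *KeyStore, subject string, plaintext []byte) (Record, error) {
	key, err := ks.keyFor(subject)
	if err != nil {
		return Record{}, err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(subject))
	return Record{Subject: subject, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt returns ErrForgotten once the subject's key has been deleted; it
// never generates a replacement key, unlike Encrypt.
func Decrypt(ks *KeyStore, r Record) ([]byte, error) {
	key, ok := ks.keys[r.Subject]
	if !ok {
		return nil, ErrForgotten
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, r.Nonce, r.Ciphertext, []byte(r.Subject))
}

// TokenTable is the data-lookup-table alternative: records carry an opaque
// token and only this table can resolve it back to the real identity.
type TokenTable struct{ byToken map[string]string }

func NewTokenTable() *TokenTable { return &TokenTable{byToken: map[string]string{}} }

func (tt *TokenTable) Tokenize(identity string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	tt.byToken[tok] = identity
	return tok, nil
}

func (tt *TokenTable) Resolve(tok string) (string, bool) {
	v, ok := tt.byToken[tok]
	return v, ok
}

func (tt *TokenTable) Forget(tok string) { delete(tt.byToken, tok) }

func main() {
	ks := NewKeyStore()
	// Constructed sample data, not a real person.
	rec, _ := Encrypt(ks, "subject-42", []byte("Alice Example <alice@example.com>"))
	pt, _ := Decrypt(ks, rec)
	fmt.Printf("before forget: %s\n", pt)
	ks.Forget("subject-42")
	_, err := Decrypt(ks, rec)
	fmt.Printf("after forget: %v (ciphertext still stored: %d bytes)\n", err, len(rec.Ciphertext))
}
```

Two points the code makes concrete: the record store is never modified on `Forget`, so backups of the record store are harmless as long as backups of the key store are handled separately (the DR concern the answer raises); and a `TokenTable` deletion only removes the name-to-token mapping, so any quasi-identifiers stored next to the token (postcode, birth date and the like) are exactly what the k-anonymity caveat is about.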
