fmstrat@lemmy.nowsci.com to Technology@lemmy.worldEnglish · 1 month ago2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposedwww.tomsguide.comexternal-linkmessage-square141fedilinkarrow-up1522arrow-down18
arrow-up1514arrow-down1external-link2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposedwww.tomsguide.comfmstrat@lemmy.nowsci.com to Technology@lemmy.worldEnglish · 1 month agomessage-square141fedilink
minus-squareBrianTheeBiscuiteer@lemmy.worldlinkfedilinkEnglisharrow-up13arrow-down1·1 month agoPII data at rest (i.e. in a database) must be encrypted.
minus-squarefmstrat@lemmy.nowsci.comOPlinkfedilinkEnglisharrow-up3arrow-down2·1 month agoIf the DB is running, it’s not at rest. Clients side encrypted data would be the way.
minus-squareBrianTheeBiscuiteer@lemmy.worldlinkfedilinkEnglisharrow-up1·1 month agoI think my definition is pretty standard: https://en.m.wikipedia.org/wiki/Data_at_rest
minus-squarefmstrat@lemmy.nowsci.comOPlinkfedilinkEnglisharrow-up1·1 month agoThe catch is interpretation, which the wiki points out: “Inactive data” could be taken to mean data which may change, but infrequently. Any company like this one would consider this data “in use” but “inactive” because any person could need a loan at any point.
PII data at rest (i.e. in a database) must be encrypted.
If the DB is running, it’s not at rest. Clients side encrypted data would be the way.
I think my definition is pretty standard: https://en.m.wikipedia.org/wiki/Data_at_rest
The catch is interpretation, which the wiki points out:
Any company like this one would consider this data “in use” but “inactive” because any person could need a loan at any point.