by tyler_larson 3049 days ago
Encrypt all person-specific data with a key unique to that person, and if the person requests deletion, delete the key. This effectively deletes all backups.
1 comment

Help me understand - that seems like it just centralizes the problem. Since the key is now PII-equivalent, how is the key storage backed up?
Revolving backups and you throw away old ones. After 30 days or so the last traces of a customer’s keys will be gone.
In that situation, the data is "inaccessible" but a data breach during the backup retention period will still leak their details.

We can already achieve that result by removing records from the live DB and ignoring the whole backup situation.

So what has this separate encryption process achieved?

It has achieved that, within a time frame, the PII of a user is removed from backups.
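A runnable sketch of the scheme the thread is arguing about, added here as an illustration and not code from any of the commenters: each user gets their own AES-256-GCM key, records are sealed under that key, and a deletion request drops the key rather than the ciphertext. It also models the point raised about backups: key-store backups taken before the deletion still hold the key until they age out of the retention window, so `BackupsStillHoldingKey` counts the copies an attacker could still use. The type and function names (`KeyStore`, `Forget`, `KeyBackup`, `BackupsStillHoldingKey`) and the 30-day retention are assumptions for the example; the user id and e-mail address are constructed sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// ErrNoKey is returned once a user's key is gone: the ciphertext is still on
// disk and in every backup, but nothing can decrypt it any more.
var ErrNoKey = errors.New("no key for user: data has been crypto-shredded")

// KeyStore maps user id -> 256-bit AES key. A real deployment would keep this
// in a KMS/HSM-backed table; an in-memory map is enough for the example.
type KeyStore struct{ keys map[string][]byte }

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// KeyFor returns the user's key, generating a fresh random one on first use.
func (ks *KeyStore) KeyFor(userID string) ([]byte, error) {
	if k, ok := ks.keys[userID]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	ks.keys[userID] = k
	return k, nil
}

// Forget is the deletion request: drop the key, leave the ciphertext alone.
func (ks *KeyStore) Forget(userID string) { delete(ks.keys, userID) }

// Snapshot copies the key table; it stands in for a backup of the key store.
func (ks *KeyStore) Snapshot() map[string][]byte {
	c := make(map[string][]byte, len(ks.keys))
	for u, k := range ks.keys {
		c[u] = append([]byte(nil), k...)
	}
	return c
}

func (ks *KeyStore) aead(userID string) (cipher.AEAD, error) {
	key, ok := ks.keys[userID]
	if !ok {
		return nil, ErrNoKey
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals one record under the user's key. The user id is bound as
// associated data so a record cannot be quietly re-filed under another user.
func Encrypt(ks *KeyStore, userID string, plaintext []byte) ([]byte, error) {
	if _, err := ks.KeyFor(userID); err != nil {
		return nil, err
	}
	g, err := ks.aead(userID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(userID)), nil
}

// Decrypt opens a record; after Forget it fails with ErrNoKey.
func Decrypt(ks *KeyStore, userID string, ct []byte) ([]byte, error) {
	g, err := ks.aead(userID)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:ns], ct[ns:], []byte(userID))
}

// KeyBackup is one retained backup of the key store.
type KeyBackup struct {
	TakenAt time.Time
	Keys    map[string][]byte
}

// BackupsStillHoldingKey counts retained backups that still contain the user's
// key at time now: the exposure window that remains after the live key is gone.
func BackupsStillHoldingKey(backups []KeyBackup, userID string, now time.Time, retention time.Duration) int {
	n := 0
	for _, b := range backups {
		if now.Sub(b.TakenAt) > retention {
			continue // aged out of the revolving backup set
		}
		if _, ok := b.Keys[userID]; ok {
			n++
		}
	}
	return n
}

func main() {
	ks := NewKeyStore()
	ct, _ := Encrypt(ks, "user-42", []byte("alice@example.com")) // constructed sample record
	backup := KeyBackup{TakenAt: time.Now(), Keys: ks.Snapshot()}
	ks.Forget("user-42")
	_, err := Decrypt(ks, "user-42", ct)
	fmt.Println("after key deletion:", err)
	fmt.Println("retained backups still holding the key:",
		BackupsStillHoldingKey([]KeyBackup{backup}, "user-42", time.Now(), 30*24*time.Hour))
}
```

The live key table is the one thing that must not be backed up on the same schedule as the data: once the last key-store backup older than the deletion has expired, every copy of the ciphertext, on whatever tape or bucket it sits, is unreadable, which is the "within a time frame" claim in the last reply.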