by philipodonnell
3028 days ago
It came up for me when designing a custodial management system for cryptocurrencies, where you could design it in such a way that the different steps/sensitive data were divided among separate systems and communication channels. I wanted some way to divide up responsibilities for processing a transaction (initiation, audit, control, approval, transmission) and then prove that any single component could be 100% compromised without allowing further unauthorized transactions. Even introducing temporary transformations (encryption/hashing) and re-routing keys specifically to prevent collisions of that data. I noticed how similar the thought process was to GDPR work I've been involved in, where, for example, we can keep track of Last name and Phone Number in our company, but they could never be at rest unencrypted and unhashed in the same system. Or First Name + Job Title + Location but only 2 of those three can co-exist. It seemed like the kind of thing that would have a formal way of expressing it. Our GDPR consultants were unhelpful in that.
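One way to write the co-location rules from the comment above in a machine-checkable form, as an added example that is not part of the original comment. The system names, key ids and inventory are constructed, and treating an encrypted field as readable only when its key holder is also compromised is an assumption; the check goes beyond the single-component case to any k systems compromised together.

```python
from itertools import combinations

# Rule: (attribute group, max members an attacker may read together).
RULES = [
    (frozenset({"last_name", "phone_number"}), 1),
    (frozenset({"first_name", "job_title", "location"}), 2),
]

# Constructed inventory. attrs maps attribute -> None (cleartext at rest)
# or the id of the key needed to decrypt it; keys lists key ids held there.
INVENTORY = {
    "crm":    {"attrs": {"last_name": None, "phone_number": "k1"}, "keys": set()},
    "dialer": {"attrs": {"phone_number": None, "first_name": None}, "keys": set()},
    "hr":     {"attrs": {"first_name": None, "job_title": None,
                         "location": "k2"}, "keys": set()},
    "keysvc": {"attrs": {}, "keys": {"k1", "k2"}},
}

def readable(inventory, compromised):
    """Attributes an attacker can read after fully compromising these systems."""
    keys = set().union(*(inventory[s]["keys"] for s in compromised))
    return {attr
            for s in compromised
            for attr, key_id in inventory[s]["attrs"].items()
            if key_id is None or key_id in keys}

def violations(inventory, rules, k=1):
    """Every set of k systems whose joint compromise breaks a rule."""
    found = []
    for combo in combinations(sorted(inventory), k):
        seen = readable(inventory, combo)
        for group, limit in rules:
            exposed = seen & group
            if len(exposed) > limit:
                found.append((combo, tuple(sorted(exposed))))
    return found

if __name__ == "__main__":
    print("single-system compromise:", violations(INVENTORY, RULES, k=1))
    for combo, exposed in violations(INVENTORY, RULES, k=2):
        print("pair", combo, "exposes", exposed)
```

An empty result for k=1 is the "any single component can be fully compromised" property; the k=2 output lists the system pairs that need separate administration or separate communication channels.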