|
|
|
|
|
|
by pawelk
2952 days ago
|
|
|
> Hacking is not a problem you can solve by passing a regulation that says "don't get hacked". It doesn't say "don't get hacked", it says "if (when?) you get hacked, minimize the the cost to people who trusted you with their data". And the easy way to conform is: 1. do not collect more than you need to provide the service, and 2. do not keep the data you don't need any more just in case. Which should be the default, but in the world of cheap storage and data mining seems to be forgotten, or an afterthought. E.g. when a user unsubscribes we tend to set the flag "subscribed" to false next to the rest of their data, instead of removing the e-mail address we don't need. |
|
|