Hacker News
by gregw2 539 days ago
I don't disagree with you but as someone who has thought a moderate amount about data security at a "bigco", I will point out something I haven't seen people really talk about...

Audit trails (of who did/saw what in a system) and PII-reduction (so you don't know who did what) are fundamentally at odds.

Assuming you are already handling "sensitive PII" SSNs/payroll/HIPAA/credit card # data appropriately, which constitutes security best practice: PII-reduction or audit-reduction?