Developer forum

Forum » Feature requests » Data anonymization, dynamic data masking

Data anonymization, dynamic data masking

E-mail notifications
Adrian Ursu Dynamicweb Employee
Adrian Ursu
Reply
Posted on 16/05/2018 22:36:46

Hi Guys,

I would assume I am not the only one having paranoid customers because of GDPR, therefore I think this post might be interesting for others as well, although it will make Nicolai go crazy :)

One of our customers requested that we anonimize sensitive data stored in the database in order to prevent unauthorized access to data. I would agree that this approach will also offload some of our responsibilities but I am also worried about performance.

I have had  brief search on what is possible with SQL server and it looks there is something called Dynamic Data Masking. The principle is based on some permissions for users. Unauthorised users will see masked data while authorised ones will see real data. But this will solve it only partially since we store connections strings to database in clear without any encoding. SOmetimes we can use trusted connections sometimes we cannot. There are probably solutions to encrypt the connection string but this is already too evolved for my knowledge.

Any thoughts, ideas or plans for something like this?

Thank you,
Adrian


Replies

 
Nicolai Pedersen
Posted on 16/05/2018 23:09:49
Reply

Hi Adrian

Yes, I'll go crazy :-). GDPR is a organisation process issue - and very little technology. To the best of my knowledge there are no requirements to encrypt or mask personal data. You just have to 'protect' it, and you already do.

The anonymization part of GDPR is related to the "Right to be forgotten" where a user can request deletion of data. So instead of deleting an order, you can anonymize it - meaning delete enough data so it is no longer personal - i.e. name and email - maybe address.

That is a feature you will see coming in some way or another. Masking SQL data is not on my agenda...

BR Nicolai

 
Adrian Ursu Dynamicweb Employee
Adrian Ursu
Posted on 16/05/2018 23:41:57
Reply

Hi Nicolai,

I know it's not a GDPR requirement.

It's just another request from a customer that has been advised by some "specialist" or they have seen this feature in other solutions.

I had to ask.

Thank you,

Adrian

 
Nicolai Pedersen
Posted on 17/05/2018 01:03:30
Reply

Of course :-). Just ask them back, WHY?