The less data you store, the fewer security hazards you expose yourself to, and the safer your participants will be. Don't hoard data on the theory that it'll become useful - only save what you need, and question yourself every time you get into a situation where you think you need it.
If you must store data, especially sensitive data, don't ever store it in plain-text! Look into hashing algorithms like bcrypt.
Always give your participants the option to delete their data, and actually delete it when they ask you to.
In Europe we must comply to GDPR which is coming into practise in the next few months. We’ve had to implement what you mentioned on every single system which holds more than one piece of identifying information about a user.
Not everything, just database tables containing personally identifiable information. You’ll want to encrypt this information rather than hash it, as you’ll more than likely need to retrieve it at a later date. Here is a good read which explains the legislation in more detail: techblog.bozho.net/gdpr-practical-...
The less data you store, the fewer security hazards you expose yourself to, and the safer your participants will be. Don't hoard data on the theory that it'll become useful - only save what you need, and question yourself every time you get into a situation where you think you need it.
If you must store data, especially sensitive data, don't ever store it in plain-text! Look into hashing algorithms like bcrypt.
Always give your participants the option to delete their data, and actually delete it when they ask you to.
In Europe we must comply to GDPR which is coming into practise in the next few months. We’ve had to implement what you mentioned on every single system which holds more than one piece of identifying information about a user.
So it's not just a good idea, it's the law ;)
What did you do, just hash or encrypt everything? We are facing the same right now.
Not everything, just database tables containing personally identifiable information. You’ll want to encrypt this information rather than hash it, as you’ll more than likely need to retrieve it at a later date. Here is a good read which explains the legislation in more detail: techblog.bozho.net/gdpr-practical-...
I agree. The idea of soft-deletes irks me. My personal data isn't a line in a log file which one would wanna keep for as long as possible.
I created an account, said my name is Rexford. Now I'm leaving, and say, delete that data, and then soft-deletes it?
It's so crazy of an approach not sure why it still exists.