Protecting Data
Protecting data is of utmost importance and needs to be a continual priority throughout a project. Many systems that we work with or are given access to store or surface sensitive data. This could include anything from company financial data and employment records to customer contact information or social insurance numbers.
Personally Identifiable Information (PII)
Personally Identifiable Information is any data that could be used to infer the identity of an individual directly or indirectly. Some examples:
- Full name
- Social Security Number (SSN)
- Driver's license
- Mailing address
- Credit card information
- Passport information
- Financial information
- Medical records
Ensure you are applying data encryption in transit and at rest and are intentional in your approach to protecting PII. Depending on the company that you are working with and the industry that they are in, there may be regulations that govern their use of PII. Ensure that you are proactive in these conversations and work with the client to ensure you are adhering to any regulations.
Minimize Risk
Embrace Datensparsamkeit ā only capture data you absolutely need.
When you have control over what will be stored or accessible from a system that you are working on, try to be a minimalist. If you can identify any data that you don't really need, you can reduce the surface area for risk by not collecting it.
One commonly forgotten source of data leaks is logging. Ensure that you are not storing personally identifiable information in application or server logs.