undefined | Better HN

0 pointslegitster6y ago0 comments

According to our council, even encrypted or hashed data was still counted as PII as those are security measures, not privacy measures.

0 comments

ziddoap6y ago

I mean, trust your council over some random guy on the internet (me), but I would seek a second opinion on this from a technilogically savvy lawyer.

There are absolutely implementations available that will allow you to have a hash, not tied to other data, sitting in your opt-out list that you than check other hashes against. No PII in the mix.

MattPalmer10866y ago

If I got the hash database I could absolutely test whether specific people were in it, and I could probably reverse a large number of them with dictionary based attacks.

There are no completely robust options where you can claim that this data cannot compromise personal privacy, so I guess from a legal perspective it doesn't stop it being PII.

j / k navigate · click thread line to collapse