undefined | Better HN

0 pointsjeffffff4y ago0 comments

this doesn't cut it. someone could take a list of email addresses, hash them, and then reidentify the dataset. hashing buys you nothing from a gdpr/ccpa compliance perspective, storing the hash is seen as no different from storing the pii itself. it really only makes things harder because it becomes more difficult to find where all the pii is when someone submits a request for you to return or delete their data.

0 comments

ahofmann4y ago

Do you have a source for this? I thought for the gdpr it was enough that data is not easily accessible. For example, it is not necessary to delete PII from backups unless they can be automatically restored (and are reasonably encrypted). Hashing PII thus falls under this category.

jeffffffOP4y ago

i don't have a source i can link here, this is guidance i have gotten from lawyers.

j / k navigate · click thread line to collapse

0 pointsjeffffff4y ago0 comments

0 comments

ahofmann4y ago

jeffffffOP4y ago

i don't have a source i can link here, this is guidance i have gotten from lawyers.

j / k navigate · click thread line to collapse