Automatic Redaction of PII

Question

Automatic Redaction of PII

Steve Jones - SSC Editor

SSC Guru

Points: 736212
More actions
February 29, 2020 at 12:00 am

#3729448

Comments posted to this topic are about the item Automatic Redaction of PII

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply

Mark Moss Valued Member Points: 64 More actions · Answer 1

Steve,

While I do like the article that you wrote, I would like to point out that you never defined PII ( Personally identifiable information ) in it. I am sure that there were many people who read it, but at the end still did not know what PII was.

Mark

jackExceedra SSC Enthusiast Points: 162 More actions · Answer 2

Hi Steve,

I am confused by this point :

" I find less and less resistance from developers about using sensitive production data in development environments, but still too much."

Are you saying you want sensitive data to be less secure?

Kind regards,

Jack

Eric M Russell SSC Guru Points: 125561 More actions · Answer 3

Customer centric database records, documents, and audio transcripts are just the tip of the iceberg - GDPR also regulates CCTV footage.

"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

Steve Jones - SSC Editor SSC Guru Points: 736212 More actions · Answer 4

Mark Moss wrote:

Steve,
While I do like the article that you wrote, I would like to point out that you never defined PII ( Personally identifiable information ) in it. I am sure that there were many people who read it, but at the end still did not know what PII was.
Mark

Good point. I made a poor assumption here. I'll correct that.

Steve Jones - SSC Editor SSC Guru Points: 736212 More actions · Answer 5

jackExceedra wrote:

Hi Steve,
I am confused by this point :
" I find less and less resistance from developers about using sensitive production data in development environments, but still too much."
Are you saying you want sensitive data to be less secure?
Kind regards,
Jack

Poorly worded. I've had many developers (customers and non-customers) that resist doing anything about PII data in non-prod environments, meaning, they use data freely even though there are less protections and security in development and test environments.

Slowly I find developers getting better and wanting to use obfuscated, sanitizied or generated data, but still the majority don't feel this is an attack vector they worry about. This despite so many cases of these less secure environments being attacked.

jackExceedra SSC Enthusiast Points: 162 More actions · Answer 6

Okay, I get what you're saying now, that makes more sense

webrunner SSC-Dedicated Points: 31863 More actions · Answer 7

Interesting idea, but my guess is that Amazon is keeping a lot more PII (especially if one extends the PII concept to potentially sensitive audio conversations) than it is helping to protect. Really it all depends on how much they stand to profit from one approach vs the other.

-- webrunner

-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html