| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Moreno Andreo <moreno(dot)andreo(at)evolu-s(dot)it>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Key encryption and relational integrity |
| Date: | 2019-03-28 14:45:33 |
| Message-ID: | 0d5e5b22-f62d-3939-61f7-6ecb5d632436@aklaver.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 3/28/19 7:29 AM, Moreno Andreo wrote:
> Il 27/03/2019 07:42, Tony Shelver ha scritto:
>> Not in Europe, but have worked a bit with medical records systems in
>> the USA, including sharing across providers.
>> The only other way to do it would be to store the encrypted key value
>> in both user.id <http://user.id> and medications.user_id. That would
>> encrypt the data and maintain relational integrity.
> Hmmm... if user.id and medications.user_id are the same, I can link user
> with medication... and GDPR rule does not apply..... or am I missing
> something?
Yes the link means that someone could use the medications.user_id to
fetch the rest of the user information from the user table. Unless you
encrypted that information also, which I gather you do not want to do
for performance reasons.
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-03-28 14:56:01 | Re: plctl extension issue postgresql 11.2 |
| Previous Message | Adrian Klaver | 2019-03-28 14:39:23 | Re: Data entry / data editing tools (more end-user focus). |