From: | jesusthefrog <jesusthefrog(at)gmail(dot)com> |
---|---|
To: | John R Pierce <pierce(at)hogranch(dot)com> |
Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Securing Information |
Date: | 2016-12-29 01:27:40 |
Message-ID: | CAH_wARt+F5fJN8t1v+uYJpeJXZd6w8v_cD0WJdRknaAWS9TrYw@mail.gmail.com |
Lists: | pgsql-general |

True. In our environment we have other layers to deal with network security
which covers us for encryption of data as it's transmitted, and you
definitely should do that, but that's not something a DBA would normally be
concerned with.

And given that he said that the machine may be standalone, I would suspect
that there would be a person at a directly (or nearly-directly) connected
terminal, possibly via a web app. If you're going to, for example, email
the data to someone, then it also has to be encrypted at that time, but
that would need to be re-encrypted with a method the receiver would be able
to decrypt anyway.

In any case I recommend reading the consolidated HIPAA Privacy Act
regulations
(https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf).

I'm not entirely sure of the applicability of the Privacy Act of 1974 to
non-government-affiliated computers/networks, but it can't hurt to read
through that regulation for guidance as well.
(https://gsa.gov/portal/mediaId/252231/fileName/CIO_P_21001I__CHGE_1_GSA_Information_Technology_%28IT%29_Security_Policy__%28Signed_on_10-20-2015%29.action
page 35).

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d- s+ a- C++++ L+++ S++ B+ P++>++++ E++ W+++
N o? K- !w++++ O- M- V? PS++ PE- Y+ PGP t+ 5+++
X R+ tv b+++ DI++ D++ G+ e-- h- r++ y
------END GEEK CODE BLOCK------