zlacker
[parent]
[thread]
5 comments
1. icedch+(OP)
[view]
[source]
2018-05-18 14:04:48
The solution is to keep a list of "things to exclude" if a backup is ever restored. This is reasonable. Rewriting old backups is not reasonable.
replies(1):
>>badwol+jG
◧
2. badwol+jG
[view]
[source]
2018-05-18 19:15:59
>>icedch+(OP)
Would such a list not by nature consist of PII?
replies(1):
>>icedch+fH
◧◩
3. icedch+fH
[view]
[source]
[discussion]
2018-05-18 19:23:53
>>badwol+jG
Not necessarily. It might consist of user IDs (integers, UUIDs) or hashed values of something that can be mapped to the user...
replies(1):
>>badwol+M31
◧◩◪
4. badwol+M31
[view]
[source]
[discussion]
2018-05-18 23:01:16
>>icedch+fH
User ID's are considered PII though. If it can be mapped to the user, it's by definition identifying information
replies(1):
>>icedch+f71
◧◩◪◨
5. icedch+f71
[view]
[source]
[discussion]
2018-05-18 23:58:55
>>badwol+M31
Identifiers that have no meaning outside of your system are not PII.
replies(1):
>>Boulth+q72
◧◩◪◨⬒
6. Boulth+q72
[view]
[source]
[discussion]
2018-05-19 20:55:47
>>icedch+f71
Reading
https://ec.europa.eu/info/law/law-topic/data-protection/refo...
I would agree, of course if that identifier is not in some other database, that maps it to a person. If you have just ids in a backup and you remove the person-ID mapping this should be fine.
[go to top]