Re: Database Encryption (now required by law in Italy)
From | Peter Galbavy |
---|---|
Subject | Re: Database Encryption (now required by law in Italy) |
Date | |
Msg-id | 006f01c40509$3807b410$152ca8c0@petersdesktopho |
In reply to | Re: Database Encryption (now required by law in Italy) (<lnd@hnit.is>) |
Responses | Re: Database Encryption (now required by law in Italy) |
List | pgsql-admin |
Silvana Di Martino wrote:
> Oracle has a system similar to pgcrypto but more sophisticated. I do
> not know if it can use encrypted indexes, encrypted dates and
> encrypted times (it is likely but I did not try, yet). It stores
> its "global encryption password" into a system table in encrypted
> form. Only authenticated users can decrypt data.

This can then be broken. Anything that does without some sort of human intervention is waiting to be hacked one way or another.

> BTW: It looks like I'm the only one here facing this problem. That's
> surprising, given the number of countries that have a law like the
> Italian one and the wide diffusion of PostgreSQL.

I cannot speak or read Italian, so any reference to an English version of the legislation or analysis of it would be greatly appreciated.

As some background to my next comments, for those not in the EU, there is a lot of inconsistency in the way that member countries implement EU directives. These glaring differences sometimes, no scratch that: ALWAYS, cost taxpayers dear, while the legislators and the civil and criminal justice systems sorting issues out after the fact, and at great cost.

Two observations in this light;

1. Some countries within the EU still have national laws, unless I blinked and they disappeared, that mandate some control over cryptography. Historically, France was certainly one - anyone with current specifics? This leads to a potential conflict if the EU mandates in any way that countries must require _encryption_ (as opposed to string protection) of personal data by data controllers (i.e. every incorporated business and many sole traders that I know of).

2. I have been unable to find, as an amateur with interests in the subject, a *single* instance of a prosecution under Data Protection laws in the UK. Lots of "enforcement by discussion and threat" and stuff, but no court time to test the laws directly. Probably don't know the right places to look.

Again, anyone with real data for the UK and the EU in general for how existing Data Protection laws have been enforced?

rgds,
--
Peter