• RagnarokOnline · 11 · 2 days ago

    Just one more of a million massive breaches within the last 10 years. No real consequences, I’m sure.

    At this point, I think it’s safe to say that no individual person’s personal data hasn’t been caught in one of these breaches (unless they were born very recently). That’s not even mentioning the hundreds of vendors who I no longer work with but still have my sensitive data on their systems.

    I heard an idea a few years ago that I found interesting: each person has their private data hosted on a secure data hub. If a vendor needs some of that data (ex: FirstName, LastName, Email) for their system, they have to make a request to your hub for it, which you then have to approve. Each time a vendor system needs that data, they make a callout to your hub. As long as they have an active approval, the callout would succeed for the fields they’ve been authorized. You can then revoke that request whenever you’d like.

    I like the idea of having a running list of vendors who have access to your data and being able to revoke that data. However, it would also create a single location (your data hub) that could be breached and be a higher value target than any of the particular vendors.

    Trade-offs.

    • seang96@spgrn.com · 2 · 2 days ago

      Sounds similar to OpenID Connect for authentication: the service requests scopes, which pull varying info, and the user can be shown a consent screen with what data is being requested for approval.

      I’d like a similar model for data sharing, though you will need privacy laws since you can revoke access in this case, but currently there would be nothing preventing storing your data at the time elsewhere or sharing it.
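An added illustration of the hub-and-consent model from RagnarokOnline's post and the OpenID Connect scope comparison above (example code written for this thread, not from either commenter): a toy hub where a vendor requests fields, the owner sees a consent screen and approves a subset, each callout returns only the approved fields, and revocation cuts off future callouts. The walk-through also shows the limitation both commenters raise, that a copy the vendor already stored survives revocation. Vendor name, field names and values are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class DataHub:
    """Toy per-person data hub (constructed model, not a real product): a vendor
    requests fields, the owner approves a subset, callouts return only those."""
    data: dict                                    # the person's private fields
    pending: dict = field(default_factory=dict)   # vendor -> requested fields
    approved: dict = field(default_factory=dict)  # vendor -> granted fields

    def request(self, vendor, fields):
        """Vendor asks for fields; nothing is released until the owner approves."""
        self.pending[vendor] = set(fields) & set(self.data)

    def consent_screen(self, vendor):
        """What the owner is shown before deciding (cf. an OIDC scope prompt)."""
        return sorted(self.pending.get(vendor, ()))

    def approve(self, vendor, fields=None):
        """Owner grants the whole request or only part of it."""
        wanted = self.pending.pop(vendor, set())
        self.approved[vendor] = wanted if fields is None else wanted & set(fields)

    def callout(self, vendor):
        """Per-use fetch: only currently approved fields come back."""
        if vendor not in self.approved:
            raise PermissionError(f"{vendor} has no active approval")
        return {k: self.data[k] for k in sorted(self.approved[vendor])}

    def revoke(self, vendor):
        self.approved.pop(vendor, None)


def walkthrough():
    """Request -> consent -> callout -> revoke, then the thread's caveat:
    revocation stops new callouts but cannot recall a copy already taken."""
    hub = DataHub({"FirstName": "Ada", "LastName": "Lovelace",
                   "Email": "ada@example.invalid", "SSN": "000-00-0000"})
    hub.request("shop", ["FirstName", "Email", "SSN"])
    shown = hub.consent_screen("shop")
    hub.approve("shop", ["FirstName", "Email"])   # owner declines SSN
    cached = dict(hub.callout("shop"))            # vendor stores the response
    hub.revoke("shop")
    try:
        hub.callout("shop")
        still_live = True
    except PermissionError:
        still_live = False
    return {"shown": shown, "cached": cached, "still_live": still_live,
            "active": sorted(hub.approved)}
```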

        • RagnarokOnline · 1 · 2 days ago

        Yeah, that’s the downside with data like this, nothing prevents copying it. You’d need fines to help enforce it (which, as we’ve seen from this exact article, aren’t an effective deterrent).

          • seang96@spgrn.com · 2 · 2 days ago

            Fines would have to be something crazy like the TikTok ban, $5000 per user type of deal.