[wp-trac] [WordPress Trac] #43175: Discussion - Pseudonymisation
WordPress Trac
noreply at wordpress.org
Tue Apr 24 09:58:49 UTC 2018
#43175: Discussion - Pseudonymisation
-------------------------+------------------------------
Reporter: xkon | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: gdpr | Focuses:
-------------------------+------------------------------
Comment (by David 279):
Reading the actual regulations (article 32 of the GDPR) you get the
following:
"Security of processing"
1. Taking into account the state of the art, the costs of implementation
and the nature, scope, context and purposes of processing as well as the
risk of varying likelihood and severity for the rights and freedoms of
natural persons, the controller and the processor shall implement
appropriate technical and organisational measures to ensure a **level of
security appropriate to the risk**, including inter alia as appropriate:
(a) **the pseudonymisation and encryption of personal data**;
(b) the ability to ensure the ongoing confidentiality, integrity,
availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in
a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the
effectiveness of technical and organisational measures for ensuring the
security of the processing.
2. In assessing the appropriate level of security account shall be taken
in particular of the risks that are presented by processing, in particular
from accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to personal data transmitted, stored or otherwise
processed.
3. Adherence to an approved code of conduct as referred to in Article 40
or an approved certification mechanism as referred to in Article 42 may be
used as an element by which to demonstrate compliance with the
requirements set out in paragraph 1 of this Article.
4. The controller and processor shall take steps to ensure that any
natural person acting under the authority of the controller or the
processor who has access to personal data does not process them except on
instructions from the controller, unless he or she is required to do so by
Union or Member State law.
----
Initially when reading this you may see the bit about "costs of
implementation" and think ah, it's going to cost far too much to implement
pseudonymisation and encryption of personal data within WordPress, we can
ignore this, however in the latest (11th April 2018) PDF on this subject
from the Article 29 Working Party (the people who basically decide what
the GDPR will implement) one very specific Paragraph caught my attention:
**There is also a public interest in the implementation of encryption.
Securing personal data in transit and at rest is a cornerstone of
the trust we all need for digital services, so as to enable
innovation and growth for our digital economy.**
The whole document is here
[http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51026]
----
Note that **CURRENTLY** the GDPR does not require people to store Personal
Data in an encrypted form, but when you take the time to read the
documents especially the one in the link you can see that it is only a
matter of time before this becomes a requirement.
Further, there is indication that when a loss of data occurs it may be
regarded as less serious if the Data itself is encrypted, thus encryption
of personal data, whilst not mandatory at this time, is highly advisable.
----
There are a few issues with Encryption of Personal Data:
1. The Decryption Key should not be stored in the same location as the
Encrypted Data; there's no point in installing a great big safe to protect
your valuables then sticking a Post-it note to the side of the safe with
the combination. However, many people will be hosting their WordPress sites
on a Shared Server, so just how one sets this up I'm not sure.
2. Individual Users may need to check their own Data.
3. Access to User Data needs to be strictly controlled, there may be a
need to have two levels of access to user Data, at the top level one gains
access to modify user data, whilst at the secondary level one can read but
not modify user data, this allows employees to, for example, copy a name and
address from an eCommerce system into a courier's system to fulfill an
order. Users should possibly be able to modify their own data, I say
possibly because in an eCommerce system a User should not be able to
modify their Name and Address as this would alter Transactional Data, a
checkbox in the back end might be provided to check user editing of their
own account.
----
Make of the above what you will
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43175#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform