Encrypting user information and Data Retention Laws (US)
on 22.02.2008 16:42:21 by Matty Sarro
Hey all! I am working on a DB app atm, and I would like to encrypt all user
information, or hash it (I still haven't finalized the design). My goal is
to make it that should the DB be compromised customers cannot be identified.
This in itself is not very difficult. However, does anyone know how the new
US data retention laws would apply to this? I don't want my users to be
identifiable by anyone, myself included but this seems to be contradictory
to the laws. Does anyone know how they would apply? Any help at all would be
greatly appreciated.
Re: Encrypting user information and Data Retention Laws(US)
on 25.02.2008 00:20:10 by dmagick
Matty Sarro wrote:
> Hey all! I am working on a DB app atm, and I would like to encrypt all user
> information, or hash it (I still haven't finalized the design).
My immediate thought for this is it's going to be difficult if you need
to undo the hashing. Hashes are one-way, they cannot be undone (by
design) so if you need to have a way to go back to the original, you
can't use a hash.
You can encrypt the data (see http://www.php.net/mcrypt) and that is two
way but make sure you keep the encryption key outside of the document
root of the webserver or something so it can't be viewed through a
security issue in your webserver.
--
Postgresql & php tutorials
http://www.designmagick.com/
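
The distinction drawn in the reply above, as an added example that is not part of the original thread: a field encrypted with a key loaded from a file (reversible) next to a keyed hash of the same field (comparable but not reversible). It assumes PHP 7.2+ and uses the bundled sodium extension rather than the mcrypt functions linked in the reply, since mcrypt was removed from PHP core in 7.2. The key path, function names and sample e-mail address are hypothetical.

```php
<?php
// Hypothetical key location. In a deployment this file lives outside the web
// server's document root; the temp directory is used only so the demo runs.
$keyFile = sys_get_temp_dir() . '/demo_field.key';
if (!is_file($keyFile)) {
    file_put_contents($keyFile, sodium_crypto_secretbox_keygen());
    chmod($keyFile, 0600);
}
$key = file_get_contents($keyFile);
if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    throw new RuntimeException('key file missing or wrong length');
}
// Separate subkey for the one-way index so the two uses never share a key.
$indexKey = hash_hmac('sha256', 'lookup-index', $key, true);

// Two-way: authenticated encryption; a fresh nonce is stored with the ciphertext.
function encrypt_field(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($body, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return $plain;
}

// One-way: keyed hash (HMAC-SHA-256). Usable for equality lookups, not reversible.
function hash_field(string $plain, string $indexKey): string
{
    return hash_hmac('sha256', $plain, $indexKey);
}

$email  = 'alice@example.com';                    // constructed sample value
$stored = encrypt_field($email, $key);            // differs on every call (random nonce)
var_dump(decrypt_field($stored, $key) === $email);                        // round trip
var_dump(hash_equals(hash_field($email, $indexKey), hash_field('alice@example.com', $indexKey)));
```

Anyone holding the key file can still decrypt the encrypted column, while the hashed column can only confirm a value that is already known.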