Data Breaches: All Your Fault

DevOps, Redgate Software
One part of my job is to understand the compliance landscape. This means that I read a lot about the GDPR and related similar laws. I also have to read a lot about data breaches in order to understand how and where laws like the GDPR apply to them, and how they happened so that I can better prepare people through good DevOps practices to prevent them. The more I read about data breaches, the more I realize: It's You. It's your fault. Don't believe me? Let's walk through a few recent data breaches together.

Passwords? We Don't Need Stinking Passwords.

The Collection #1 data that represents 21 million unique email addresses and passwords for a combination of up to more than 700 million, was found by Troy Hunt... on…

Compliance Ain’t Easy

Redgate Software
I'm sure by now you've heard of the GDPR and some of the large scale data breaches that have occurred within it. If you haven't heard of the GDPR, you've been under a rock, or, you're like me, a United States citizen (it's amazing how little we know about this oncoming train). If you're seeing the four letters GDPR strung together for the first time, then you better jump on learning about it right now. Why? Let's string together more letters, CPPA. That stands for the California Privacy and Protection Act. That's a law modeled off the GDPR that goes into effect in 2020 (yeah, nine months).

Compliance Isn't Always Spelled GDPR

Maybe you're not in an EU country and you don't have any person's data from there. Maybe you…

Identifying HIPAA, PCI & SOX Data for Masking

Redgate Software
Working for a company based in the UK (still currently a part of the EU), I had a lot of motivation to learn about the GDPR and what it means for data professionals. Further, the understanding that, through treaties and court precedent, the GDPR can apply to companies around the world also motivated me to learn about the privacy and protection mechanisms that it requires. However, there is privacy and protection much closer to home in the data and security definitions in HIPAA, PCI and SOX. I've been doing a bunch of research on all these to better understand how they, along with the GDPR and a whole slew of new legislation coming from around the world, will impact the database. More specifically, I've been trying to understand how best…

Execution Plans and the GDPR

SQL Server, SQL Server 2016, SQL Server 2017
What? Execution plans and the GDPR? Is this it? Have I completely lost it? Well, no, not on this topic, keep reading so I can defend myself.

GDPR and Protected Data

The core of the GDPR is to ensure the privacy and protection of a "natural person's" information. As such, the GDPR defines what personal data is and what processing means (along with a bunch of additional information). It all comes down to personally identifying (PI) data, how you store it, and how you process it. More importantly, it's about the right for the individual, the natural person, to control their information, up to and including the right to be forgotten by your system. OK. Fine. And execution plans?

Execution Plans and PI Data

If you look at an execution…