On Thu, Feb 15, 2018 at 12:06 PM, miqui <
migm...@gmail.com> wrote:
> .. indeed using https. I'll checkout the header. thanks!
Encrypted in transit is good, but what legal standard(s) do you have
to meet? HIPAA, for instance, requires encryption at rest as well.
Make sure you're not leaking PII through third-party services (logging,
analytics, etc.) or potentially exposing it through unencrypted backups.
Make sure anyone with access to a system with PII is using individual
(not shared) revocable keys and, and, and...
Depending on the standards you're trying to meet this can be a pretty
deep rabbit hole 😀
--
Hassan Schroeder ------------------------
hassan.s...@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote
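One concrete way to act on the "don't leak PII through logging or analytics" point above, as an added example that is not part of the thread and not the original poster's code: a Ruby Logger formatter that redacts common PII patterns before a line reaches any sink, so that whatever third-party service the logs are forwarded to never sees the raw values. The regexes, the `[REDACTED_*]` markers and the sample message are assumptions made for this example; real deployments would extend the pattern list to whatever identifiers the applicable standard covers.

```ruby
require 'logger'
require 'stringio'

# Added example, not from the original thread. Scrubs PII out of every log
# line at the formatter layer, so it applies regardless of which handler or
# third-party service ultimately receives the record.
module PiiScrubber
  # Illustrative patterns (assumptions for this example, not an exhaustive
  # PII list): e-mail addresses, US SSNs, and separator-delimited US phone
  # numbers. Order matters only in that the SSN rule runs before the phone
  # rule so a 3-2-4 digit group is never mistaken for a 3-3-4 one.
  PATTERNS = {
    email: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/,
    ssn:   /\b\d{3}-\d{2}-\d{4}\b/,
    phone: /\b\d{3}[-. ]\d{3}[-. ]\d{4}\b/
  }.freeze

  # Replace each match with a typed marker so the log stays debuggable
  # ("a phone number was here") without retaining the value.
  def self.scrub(text)
    PATTERNS.reduce(text.to_s) do |acc, (name, re)|
      acc.gsub(re, "[REDACTED_#{name.to_s.upcase}]")
    end
  end

  class Formatter < Logger::Formatter
    # msg2str is the stdlib helper that stringifies non-String messages
    # (exceptions, hashes); scrubbing its output covers those cases too.
    def call(severity, time, progname, msg)
      super(severity, time, progname, PiiScrubber.scrub(msg2str(msg)))
    end
  end
end

def build_logger(io)
  logger = Logger.new(io)
  logger.formatter = PiiScrubber::Formatter.new
  logger
end

# Write one INFO record through the scrubbing logger and return the
# formatted line, so the behaviour can be checked without a real log file.
def log_to_string(message)
  out = StringIO.new
  build_logger(out).info(message)
  out.string
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample message, not real data.
  puts log_to_string('password reset for alice@example.com, ssn 123-45-6789, tel 555-123-4567')
end
```

Scrubbing at the formatter is deliberate: application code that logs a whole request or user object keeps working, and the redaction cannot be bypassed by a handler added later. It does not replace minimising what gets logged in the first place, and it does nothing for PII that leaves through analytics SDKs or unencrypted backups, which need their own controls.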