Source: Created some of the first medical records digital exchanges (NYCLIX, BHIX, etc) in the mid 2000s. Worked very hard to figure out how to protect patient privacy. This breach and subsequent blackmailing was one of our nightmare scenarios. FWIW, nothing (nothing) has improved since.
Just like a password wallet. Store the hash of passwords, not the actual passwords. Then disallow password resets.
Then you effectively "forget" your account if you lose your password.
The book Translucent Databases (2nd ed) [2009] explains clever strategies for applying this technique to protect sensitive data. It's brilliant.
https://www.wayner.org/node/39
https://www.amazon.com/gp/product/1441421343
Meta: I remain disappointed by the obscurity of this book and translucent techniques. A long time friend recently asked me about GDPR compliance and so forth, in prep for reworking stuff to allow proper audits. Very tech savvy. The translucent notions just could not compute. So their efforts went down the conventional rabbit hole of actually deleting data. Which I don't consider practical or auditable. How can you be sure an org deleted every record, log, backup, etc? You can't.
Field level encryption. Just like password files. Salt and hash any potentially identifying information.
Translucent Databases shows how. https://www.amazon.com/gp/product/1441421343
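An added sketch of the "salt and hash any potentially identifying information" idea from the comments above; it is not code from the book or from any commenter. The names `blind` and `TranslucentStore`, the choice of PBKDF2, the salt and the sample record are all assumptions made for illustration.

```python
import hashlib

# Constructed salt for the demo; an assumption, kept apart from the data in practice.
SALT = bytes.fromhex("5f1d0c9a7b3e4482a6c1d2e3f4051627")
ROUNDS = 100_000  # slow on purpose: names and ID numbers are low-entropy

def blind(identifier: str, secret: str, salt: bytes = SALT) -> str:
    """Salted, slow hash of an identifying field plus the person's own secret."""
    norm = " ".join(identifier.lower().split())          # "Jane  DOE" == "jane doe"
    material = norm.encode() + b"\x00" + secret.encode()  # NUL keeps fields distinct
    return hashlib.pbkdf2_hmac("sha256", material, salt, ROUNDS).hex()

class TranslucentStore:
    """Rows are keyed by blind(); no identifier or secret is ever written."""
    def __init__(self):
        self.rows = {}

    def put(self, identifier, secret, payload):
        self.rows[blind(identifier, secret)] = payload

    def get(self, identifier, secret):
        return self.rows.get(blind(identifier, secret))

    def dump(self):
        """What an operator, a backup or a thief sees."""
        return dict(self.rows)

def demo():
    db = TranslucentStore()
    db.put("Jane Doe 1970-01-01", "correct horse", {"note": "constructed sample record"})
    return db

if __name__ == "__main__":
    db = demo()
    print(db.get("jane  doe 1970-01-01", "correct horse"))  # owner can still look it up
    print(db.get("Jane Doe 1970-01-01", "forgotten"))        # no reset path exists
    print(db.dump())
```

The payload is stored in clear in this sketch, so it must itself carry no identifying fields; a plain fast hash of a short identifier alone would be guessable by enumeration, which is why the secret and the slow derivation are both in the key.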
Privacy minded and anti-government types opposed RealID.
https://www.amazon.com/Translucent-Databases-2Nd-Authenticat...
Source: Me. I worked on both voter privacy and electronic medical records.
#2 -
The government, thru contracts with services like LexisNexis (née Seisint), has already created globally unique identifiers for pretty much every person, living or dead. Replacing SSN would just formalize, simplify, daylight such matters.
Alas, wedge issues like voter registration databases (assessing eligibility to vote) and immigration status, in near real-time, would become trivial and nearly error free, so I doubt this commonsense, practical effort will happen any time soon.