... | ... | @@ -12,7 +12,7 @@ Data storage systems usually assign unique identifiers to the entries they store |
|
|
| 4 | Eric | crown | DK3650519625773963 | 2013-11-19 | 122/62 | ... |
|
|
|
| ... | ... | ... | ... | ... | ... | ... |
|
|
|
|
|
|
Identifiers are commonly generated when the entry is first created. Once available, they remain fixed for the lifetime of the row. The identifier is stored *within* the entry and becomes *part of* the data. Anyone with access to the data is usually granted access to the `Id` column as well, simply because it is needed to uniquely identify a record for many data manipulation tasks. The identifier also serves as a pseudonym for the entry it refers to: regardless of access to other data such as `Name`, a subject can be referred by its `Id`.
|
|
|
Identifiers are commonly generated when the entry is first created. Once available, they remain the same as long as the row exists. The identifier is stored *within* the entry and becomes *part of* the data. Anyone with access to the data is usually granted access to the `Id` column as well, simply because it is needed to uniquely identify a record for many data manipulation tasks. The identifier also serves as a pseudonym for the entry it refers to: regardless of access to other data such as `Name`, a subject can be referred by its `Id`.
|
|
|
|
|
|
While a traditional `Id` column thus achieves some form of pseudonymization, it is a privacy hazard when access to other data is restricted. For example, financial service professionals may be allowed to read the table's `BankAccountNr`, while medical personnel may be granted access to their `LastDoctorVisit`. Since both parties will also have access to the `Id` column, if an accountant and a doctor compare notes, they can build a combined data set on the basis of their common `Id` values. This will provide them with *a combination of* financial and medical information that no one has been granted access to.
|
|
|
|
... | ... | |
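Review bot: The last sentence of the rewritten paragraph still reads "a subject can be referred by its `Id`", which is missing a preposition; since the paragraph is being reworded anyway, change it to "a subject can be referred to by its `Id`". The replacement "remain the same as long as the row exists" reads fine and keeps the meaning of "remain fixed for the lifetime of the row". In the unchanged context paragraph that follows, "access to their `LastDoctorVisit`" has no clear antecedent for "their"; consider "the table's `LastDoctorVisit`" to parallel "the table's `BankAccountNr`" in the same sentence.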