An organization handles personal data from multiple regions, many of which have laws prohibiting plain-format storage. The leadership team wants to allow content reviews and permit authorized individuals to view information for auditing. Which approach best satisfies these requirements while staying within compliance guidelines?
Store user data in a separate repository in plaintext for straightforward access control
Hash personal information to restrict direct recovery of the original data
Encrypt records for each user’s data with specific keys that permit authorized decryption
Use temporary keys for secure data transfer and discard them after transmission
Encrypting records for each user's data with specific keys allows authorized decryption for inspection and audits. Using temporary keys focuses on short-length communications and may not address ongoing or long-term review. Hashing hides personal information in a one-way manner, making it unsuitable for audits. Storing data in plaintext, even in a separate location, conflicts with stricter data protection mandates.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between encryption and hashing?
Open an interactive chat with Bash
How do specific encryption keys improve security for personal data?
Open an interactive chat with Bash
Why are plaintext storage and temporary keys unsuitable for compliance?