3rd Party Services for storing PII


A customer has a requirement for storing some Personally Identifiable Information (PII). I want to attempt to dodge the issues of storing this in their database. I am looking for some kind of service that might securely store this data that I could then access via an API.


There is no good way to dodge PII management. If you can, I'd suggest getting some justification from the customer for storing the information, verifying that it is truly required. I've seen requirements for pieces of PII that, after a little discussion, turned out to be unnecessary.

Assuming the PII is needed... Keep the data in-house - if you go to a remote service, then you are opening up a whole new can of worms - it is likely that you will still be responsible for any data breaches.

When you do go to store needed PII, keep it as isolated as possible with tight security, and encrypt it. When you need to read the information, decrypt it, work with it, and get rid of it immediately. When disposing of the in-memory data, set the values to some garbage text, then release the memory after that is complete.

Best of luck!
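
The encrypt, decrypt, use and overwrite cycle described in the answer above, as an added example that is not part of the original answer. It assumes AES-256-GCM from the Go standard library and overwrites with zero bytes rather than garbage text; the function names, the key and the sample value are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPII encrypts one field; the random nonce is stored before the ciphertext.
func sealPII(gcm cipher.AEAD, plain []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// withPII decrypts a record, lends the plaintext to use, then overwrites it.
func withPII(gcm cipher.AEAD, record []byte, use func(plain []byte) error) error {
	n := gcm.NonceSize()
	if len(record) < n {
		return fmt.Errorf("record shorter than nonce")
	}
	plain, err := gcm.Open(nil, record[:n], record[n:], nil)
	if err != nil {
		return err // wrong key or modified record
	}
	defer func() { // runs even if use panics; keep plain a []byte, not a string
		for i := range plain {
			plain[i] = 0
		}
	}()
	return use(plain)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key, not for real use
	gcm, _ := newGCM(key)
	rec, _ := sealPII(gcm, []byte("123-45-6789")) // constructed sample value
	withPII(gcm, rec, func(p []byte) error { fmt.Printf("last4: %s\n", p[7:]); return nil })
}
```

Anything the callback copies out of the buffer (a string conversion, a log line) is outside the wipe, so the callback should return only the derived result it needs.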