I think we also need levels of PII or something, maybe a completely different framework.

There’s this pattern I see at work where you want to have a user identifiable by some key, so you generate that key when an account is created and then you can pass that around instead of someone’s actual name or anything. The problem though, is that as soon as you link that value to user details anywhere in your system that value itself becomes PII because it could be used to correlate more relevant PII in other parts of your system. This viral property it has creates a situation where a stupid percentage of your data must be considered PII because the only way it isn’t is if it can be shown that there is no way to link the data to anybody’s personal information across every data store in the company.

So why is this a problem? Because if all data is sensitive none of it is. It creates situations where the production systems are so locked down that the only way for engineers to do basic operations is to bend the rules, and inevitably they will.

Anyway, I don’t know what the solution is but I expect data leaks will continue to be common passed the point when the situation is obviously unsustainable

I have three drives in my computer. So they’re labeled C:, D:, and E:

That’s the default configuration but there’s actually no guarantee that those drives map bijectively to physical devices.

Yeah that’s an excellent point. Older generations still prefer phone calls but I imagine increasingly the only people who want to call will be the people who can’t fix their issue via an automated system.

I don’t want to sms, but also a lot of my friends aren’t techies, not to mention my family. Convincing them all to download and use the same messaging app is just not going to happen.

Gotos all the way down