undefined | Better HN

0 pointsnoduerme2y ago0 comments

I think it's more a question of encrypting data on the backend. The data wasn't stolen by phishing 16 million individual users' passwords. Companies that deal with sensitive genetic data should be subject to the same level of HIPAA compliance as those that deal with medical data, for instance.

0 comments

beej712y ago

Weren't users willingly sharing that data with eachother? Encrypting it wouldn't make sense in that use case.

noduermeOP2y ago

I don't actually know. But if a user wanted to share personal data with another user, I'd make a one-time key. I'm relatively certain that they took no precautions against someone with access to their database. In some scenarios for tiny companies that might be okay, if you don't store sensitive data; but not when it might get whole groups of people slaughtered based on their genetic profile.

beej712y ago

Might be a hard sell, though. People on Facebook share personal data with their friends in their profiles all the time.

1 more reply

j / k navigate · click thread line to collapse

0 pointsnoduerme2y ago0 comments

0 comments

beej712y ago

Weren't users willingly sharing that data with eachother? Encrypting it wouldn't make sense in that use case.

noduermeOP2y ago

beej712y ago

Might be a hard sell, though. People on Facebook share personal data with their friends in their profiles all the time.

1 more reply

j / k navigate · click thread line to collapse