What does personal data look like?

When thinking about personal data it can be useful to look to its physical storage on the database to build a good mental map. Give or take, for every account that you have the online provider will have a database record that looks something like that represented below.

Companies used to have usernames, but these were replaced (nobody could remember them) and, typically, these days your email tends to be the primary non-authenticating identifier. That email links to an internal key from which all other data records flow -


User Record
- email
- internal key

Your password then forms part of an authentication process allowing access view to your other private data -


Credentials
- pwdHash
- salt
- hash algo
- hint


Personal Info
- Name
- Sex
- Birthday
- Phone #1
- Phone #2
- SSN
- Address


Credentials
- card number
- CVV data
- expiry date
- etc.


Bank Data
- a/c number
- swift code
- bank name

Healthy Data Markets
Of course each different service provider will have their own additional modules, and when it comes to data theft perhaps the most important additional module to mention might be Health. Health data commands a premium in data markets (be they legal or not).

We will look more at data markets in a subsequent blog.

Posted in cyber security.