top | item 16771512

(no title)

>they can’t query anything on a specific user.

What exactly do you mean by "user"? Can they query DNS traffic by IP address / subnet? Exactly what are all of the restrictions there?

EDIT: Is there a whitelist of things they can query by or do you simply trust them to be good citizens, have a binding legal agreement, all of the above?

discuss

eastdakota|8 years ago

No. We have a legally binding agreement. And, more importantly, we don’t store or give them access to IPs or anything else that may be associated with any individual. Look at a DNS query, look at what could be identifying — let us know where concerns are. My hunch is we’ve thought of it. If not, we will fix. We don’t want personally identifiably info. It creates a legal risk for us. We purge it as quickly as we can.

davrosthedalek|8 years ago

We don’t want personally identifiably info. It creates a legal risk for us. We purge it as quickly as we can.

Ding ding ding, we have a winner. If more people would realize this, we would have less data breaches. To get there, a data breach must become more costly for the companies.