https://community.isc2.org/t5/Tech-Talk/Data-Privacy/m-p/42684#M3118 <P>Don't expose data to a partner unless absolutely necessary.&nbsp;One of the downfalls of this new <A href="https://searchapparchitecture.techtarget.com/definition/API-economy#:~:text=The%20API%20economy%20refers%20to,APIs)%20in%20a%20controlled%20way." target="_blank" rel="noopener"><STRONG>API Economy</STRONG></A>&nbsp;is that many developers are not following "best practices" for protecting a data subjects privacy. Enforce the principle of least privilege by ensuring any third-party that has access to the endpoints is authorized and access is provisioned accordingly. I love the <A href="https://owasp.org/www-project-api-security/" target="_blank" rel="noopener">OWASP API Security Top 10</A>. Check it out.</P> Wed, 20 Jan 2021 20:24:02 GMT AppDefects 2021-01-20T20:24:02Z https://community.isc2.org/t5/Tech-Talk/Data-Privacy/m-p/42680#M3117 <P>Hello ,</P><P>&nbsp;</P><P>&nbsp;</P><P>Can we expose APIS which return email address plain format</P><P>Can we expose APIS which ask email address as input plain format</P><P>Can we expose APIS which return user address plain format</P><P>&nbsp;</P><P><SPAN>GDPR Article 5 mandates that personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.</SPAN></P><P>&nbsp;</P><P><SPAN>PCIDSS also allows to use PCI data if proper security measures are in place.</SPAN></P><P><SPAN>Any suggestions??</SPAN></P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P> Wed, 20 Jan 2021 19:47:38 GMT https://community.isc2.org/t5/Tech-Talk/Data-Privacy/m-p/42680#M3117 iluom 2021-01-20T19:47:38Z https://community.isc2.org/t5/Tech-Talk/Data-Privacy/m-p/42684#M3118 <P>Don't expose data to a partner unless absolutely necessary.&nbsp;One of the downfalls of this new <A href="https://searchapparchitecture.techtarget.com/definition/API-economy#:~:text=The%20API%20economy%20refers%20to,APIs)%20in%20a%20controlled%20way." target="_blank" rel="noopener"><STRONG>API Economy</STRONG></A>&nbsp;is that many developers are not following "best practices" for protecting a data subjects privacy. Enforce the principle of least privilege by ensuring any third-party that has access to the endpoints is authorized and access is provisioned accordingly. I love the <A href="https://owasp.org/www-project-api-security/" target="_blank" rel="noopener">OWASP API Security Top 10</A>. Check it out.</P> Wed, 20 Jan 2021 20:24:02 GMT https://community.isc2.org/t5/Tech-Talk/Data-Privacy/m-p/42684#M3118 AppDefects 2021-01-20T20:24:02Z