cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iluom
Contributor II

Data Privacy

Hello ,

 

 

Can we expose APIS which return email address plain format

Can we expose APIS which ask email address as input plain format

Can we expose APIS which return user address plain format

 

GDPR Article 5 mandates that personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

 

PCIDSS also allows to use PCI data if proper security measures are in place.

Any suggestions??

 

Thanks

 

Chandra Mouli, CISSP, CCSP, CSSLP
1 Reply
AppDefects
Community Champion

Don't expose data to a partner unless absolutely necessary. One of the downfalls of this new API Economy is that many developers are not following "best practices" for protecting a data subjects privacy. Enforce the principle of least privilege by ensuring any third-party that has access to the endpoints is authorized and access is provisioned accordingly. I love the OWASP API Security Top 10. Check it out.