Empower our users, they own their data. OWASP Privacy Risks - P-9
No one can come and claim ownership of my work. I am the creator of it, and it lives within me. - Prince
P-9 Inability of users to access and modify data
The OWASP Top 10 Privacy Risks Project identifies the top 10 privacy risks in web applications, the cloud and the global online ecosystem. In September of 2021, version 2 of the project was released. I'm going to work through the list and discuss each risk, with references and mitigation countermeasures, if they exist.
The P-9 risk, "Inability of users to access and modify data", identifies data lock-in by organizations as a privacy risk.
- Users need to have access to their data. Organizations need to give users the ability to change or delete data related to them.
- User requests to access, change or delete their data need to be processed in a timely and complete manner.
- Data needs to be modeled with user access and modification as a priority.
Data architects need to consider Data Portability when designing and modeling user data.