Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer’s view in any way.

Empower our users, they own their data. OWASP Privacy Risks - P-9

posted on October 20, 2021 | tags: [ owasp, privacy ]
No one can come and claim ownership of my work. I am the creator of it, and it lives within me. - Prince

P-9 Inability of users to access and modify data

The OWASP Top 10 Privacy Risks Project identifies the top 10 privacy risks in web applications, the cloud and the global online ecosystem. In September of 2021, version 2 of the project was released. I'm going to work through the list and discuss each risk, with references and mitigation countermeasures, if they exist.

The P-9 risk, "Inability of users to access and modify data" identifies data lockin by organizations as a privacy risk.

  • Users need to have access to their data. Organizations need to give users the ability change or delete data related to them.

  • User access to their data, requests to change or delete their data needs to be processed timely and completely.

  • Data needs to be modeled with user access and modification as a priority

Data architects need to consider Data Portability when designing and modeling user data.


  1. OWASP Top 10 Privacy Risks Project
  2. Data Portability

Quote credit


Photo credit

Photo by Hennie Stander on Unsplash