Empower our users, they own their data. OWASP Privacy Risks - P-9
P-9 Inability of users to access and modify data
The OWASP Top 10 Privacy Risks Project identifies the top 10 privacy risks in web applications, the cloud and the global online ecosystem. In September of 2021, version 2 of the project was released. I'm going to work through the list and discuss each risk, with references and mitigation countermeasures, if they exist.
The P-9 risk, "Inability of users to access and modify data" identifies data lockin by organizations as a privacy risk.
Users need to have access to their data. Organizations need to give users the ability change or delete data related to them.
User access to their data, requests to change or delete their data needs to be processed timely and completely.
Data needs to be modeled with user access and modification as a priority
Data architects need to consider Data Portability when designing and modeling user data.