Anonymizing emails in traces

[oliverbarnes]

On #215 (comment) @jinjagit brought up:

Should we ignore (not observe) sensitive vars (e.g. emails)? Or do we consider Honeycomb (and communication with it) secure?

We should anonymize them, so we're not able to see and not storing them in an external data store. This is both secure and compliant with GDPR.

We need to see what people have been using for this, with Phoenix

[jinjagit]

What about organization_id, participant_id, etc. which are UUIDs?

[oliverbarnes]

Good question. My understanding is that if they're not linked to other data that would enable identification of a person, then it's fine to send it. So your case, since we're anonymizing emails, the uuids don't identify anyone.

But if we're submitting ip addresses, those need to be truncated, at least.

https://law.stackexchange.com/questions/56107/gdpr-pii-and-uuids
https://sematext.com/blog/gdpr-top-5-logging-best-practices/#toc-4-anonymize-sensitive-data-fields-in-logs--3