One Way Hash Functions and Data Privacy Compliance.


    This article will discuss how a one way hash function can be used in the context of privacy compliance for regulations like the GDPR. Storing customers’ personal data is an inevitability for scaling businesses in today’s technical world. One way hash functions are a useful tool to store sensitive customer data such as passwords and social security numbers in a blind manner that reduces your risk. We’ll talk about what one way hash functions are, why you should care, and their place in a data privacy compliance context.

    The Information Security Challenge

    We’ve all seen the headlines about high-profile breaches of sensitive customer data. These breaches are occurring at companies of the highest level, and information security companies themselves are not immune to being targeted by hackers.

    Since information security professionals largely find ways to protect against known attacks and hackers are constantly devising new attacks, hackers have the advantage. Because of this, application providers must a) assume that stored data will be breached and b) take appropriate steps to protect the data so that the impacts of a breach are minimized.

    Enter the one way hash function.

    About One Way Hash Functions

    [Figure: one way hash example graphic]

    The graphic above illustrates how one way hash functions work. An arbitrary input, such as an email address or password, is provided and run through the hashing function and the result is a fixed-length alphanumeric string of characters.

    The same input will always produce the same fixed-length set of characters, but it is not feasible to work backward from that output to the original input because the hashing algorithm only goes one way.

    This gives us a fantastic tool to store customers’ personal data in such a manner that the application provider has no knowledge of the originally provided input.

    For example, let’s say a fictitious user is logging in with a password “pass123”.

    When the user registers with the password, it is run through a one way hashing function and the resulting hash code “x6y1otB” is generated.

    The application provider stores this hash code in their database and has no knowledge of the original password. Yet, when the user attempts to log in the next time, the original “pass123” hashes back to “x6y1otB” and we can confirm that they did indeed supply the correct password without ever knowing what it was.

    This is a powerful protection in an information security sense because if a hacker were to gain access to the database and steal the stored passwords, they would only see the hash codes that were stored and would not be able to decipher what the original passwords were.

    This gives application providers a chance to inform users of a breach, lock out accounts and force password changes while the vulnerability is corrected. It saves a tremendous amount of hassle for the end consumer because their data remains far safer than if the password was stored in plain text and then was subsequently compromised.

    If the password had been stored in plain text, the hacker would have been able to log in to the compromised user’s account and do far more damage.
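
    The register-then-verify flow described above, as an added Python example (not code from the original article). It goes one step beyond the “pass123” walkthrough by adding a per-user salt and a deliberately slow hash, and by keying the hash used for identifiers such as email addresses or social security numbers, because those come from a small enough space that an unkeyed hash could be matched by guessing. The function names, the iteration count and the sample inputs are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Iteration count is an assumed value for this example; tune it for your hardware.
PBKDF2_ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def hash_password(password: str) -> dict:
    """Registration: only the salt and the derived hash are stored."""
    salt = os.urandom(16)  # unique per user, so equal passwords store differently
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify_password(password: str, record: dict) -> bool:
    """Login: re-hash the attempt with the stored salt and compare."""
    expected = bytes.fromhex(record["hash"])
    actual = _derive(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def blind_index(value: str, key: bytes) -> str:
    """Keyed hash for identifiers such as an email address or SSN.

    The digest depends on a secret key held outside the database, so a stolen
    table alone is not enough to test guesses against it.
    """
    normalized = value.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    record = hash_password("pass123")          # constructed sample input
    print(record)                              # what the database holds
    print(verify_password("pass123", record))  # correct password
    print(verify_password("pass124", record))  # wrong password
    key = os.urandom(32)                       # in practice, loaded from a secrets store
    print(blind_index("User@Example.com", key))
```

    The same email address or SSN always maps to the same blind index under one key, so it can still be used for lookups and duplicate checks without storing the value itself.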

    Emerging Privacy Law

    Savvy application providers have been implementing techniques like this for several reasons.

    • Reduces Liability
    • Decreases Risk
    • Increases Customer Satisfaction
    • Decreases the Attractiveness of Attack to Hackers

    Data privacy has become a hot topic over recent years, and implementing information security is no longer just a tactic employed by top companies for the benefit of their consumers; it’s become a legal requirement.

    Data privacy laws such as the GDPR and the California Consumer Privacy Act rarely specify the exact solutions required for securing personally identifiable consumer information, but they make it clear that efforts to secure customer information must be made and documented, and must periodically be audited by an appointed data privacy officer within the organization.

    As such, the one way hash function has become an important tool in the application provider’s belt to secure and process personal information.


    Hunter Nelson

    Hunter is the founder and president of Tortoise and Hare Software, a digital marketing agency for B2B technology companies. Hunter has more than 10 years’ experience building web applications and crafting digital strategies for companies ranging from scrappy startups to Fortune 50 household names. When not on the clock, you'll find him spending time with his family and pups, relaxing on the beach, or playing competitive online video games. See LinkedIn for more.
