s-p-a-r-k / Jacket-Tracker

Junior Design Project

Encrypt all data sent to DB #14

Open gmcallister3 opened 6 years ago

gmcallister3 commented 6 years ago

We are storing cat 3, so we should abide by OIT standards: https://spring2018team7350.slack.com/files/U8X2X8JS2/F90F4RGTE/data-protection-safeguards-rev2.0-20140314.pdf

gmcallister3 commented 6 years ago

Since we allow unauthenticated users to create data, and we allow any authenticated user to read the data, there is no one-to-one relationship, so private-public key encryption won't really work. Plus, user data is being created by unauthenticated users, so they don't have any persistence with our application. Holding off on this until we know more about the data handling requirements and how many lieutenant accounts we will be using.