We deal with a lot of very private data at Wesabe, so security and privacy are our top concerns. One of the ways we protect our users’ privacy is through a technique we’ve dubbed the “privacy wall”. I’ll give a very brief overview of it here, but if you’d like something a bit more technical, along with ways to attack the wall, I’ve posted a longer article over on my personal blog.
The bank and credit card transactions that are uploaded to Wesabe are not directly linked to their owners in our database. A standard database schema would call for having a `user_id` column in the table holding the bank account information that would link directly to a `users` table, which would hold your login information, email address, etc. Instead, we use something called a cryptographic hash to link the two tables, so your financial data is only associated with you when you log in. This means that (a) no one at Wesabe can peek at how much you’re spending on shoes, and (b) if our database were to somehow fall into, say, an identity thief’s hands, he would have a hard time getting any information about you other than your email address.
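To make the idea concrete, here is a small added illustration (example code written for this post, not Wesabe’s actual implementation). It assumes the link between the two tables is a slow password-based hash computed at login and held only in the session; the table names, the `wesabe-wall:` label and the sample data are constructed for the example.

```python
import hashlib
import os

# Constructed in-memory stand-ins for two database tables (example data,
# not Wesabe's schema). USERS holds login data; ACCOUNTS holds financial
# records keyed by a "wall key" instead of a user_id column.
USERS = {}     # email -> {"salt": bytes, "pw_hash": bytes}
ACCOUNTS = {}  # wall_key (hex) -> list of transaction dicts

def kdf(secret: bytes, salt: bytes) -> bytes:
    # Slow hash so a leaked table resists offline password guessing.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def derive_wall_key(email: str, password: str) -> str:
    """Assumed construction: the link between a user and their accounts is
    a hash of the login password, domain-separated (by label) from the
    stored password hash. It is computed at login, kept only in the
    session, and never written to the database."""
    return kdf(password.encode(), b"wesabe-wall:" + email.encode()).hex()

def register(email: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[email] = {"salt": salt, "pw_hash": kdf(password.encode(), salt)}
    ACCOUNTS[derive_wall_key(email, password)] = []

def login(email: str, password: str):
    """Return the session wall key on success, None otherwise."""
    rec = USERS.get(email)
    if rec is None or kdf(password.encode(), rec["salt"]) != rec["pw_hash"]:
        return None
    return derive_wall_key(email, password)

def add_transaction(wall_key: str, amount: float, merchant: str) -> None:
    ACCOUNTS[wall_key].append({"amount": amount, "merchant": merchant})

def transactions_for(wall_key: str):
    return ACCOUNTS.get(wall_key, [])

def leaked_db_links_user(email: str) -> bool:
    """Defender's check: does a raw copy of both tables let someone map a
    user row to account rows without the password? True would mean the
    wall is broken (the key or a user identifier got stored somewhere)."""
    rec = USERS[email]
    visible = {email, rec["salt"].hex(), rec["pw_hash"].hex()}
    return any(k in visible for k in ACCOUNTS)
```

The last function is the kind of invariant check you would want in a test suite: nothing stored in the users table may appear as a key in the accounts table.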
The privacy wall does make support a bit more difficult. If you’re having a problem, we need to get additional information from you so that we can find your data in our system. But that’s a small price to pay to be able to assure our users that their information is completely private.
This technique is general enough that just about any site can use it, so if you have a site that is holding personal data, I’d encourage you to read my more technical post and implement something similar, and let us—and your users!—know about it.