We are building a s3 datalake in AWS and the data may contain Personally Identifiable Information (PII) information. What are the best practices for anonysing the data(PII data need to be retrieved back - like by marketing team for campaigns). If I take encryption route, what's the best way to do it on AWS?
AWsS can do server-side encryption of assets like S3 buckets, and you can also set policies that require uploaded content to be encrypted client side.<p>But just having PII is a huge risk, even if it is encrypted or anonymized. Best not to have PII at all, unless you know how to properly build a digital Fort Knox that you are confident can properly protect that data.<p>Hell, best just not to have PII at all — it’s a huge liability.