When working with certain kinds of sensitive data, it is important to carefully evaluate Drupal's handling of that information and determine whether it meets your needs. As you might expect, the relative level of scrutiny you should devote to Drupal's handling of your data depends on the purpose of your site, its goals, and context. For example, on a site that provides information to groups persecuted by a government it could be considered inappropriate to store the IP address of a user, while on a site that includes health care information, a requirement may exist that you save the IP address of every user for a specific period of time. To match your site's purpose, goals and context, you will need to verify that Drupal is storing or omitting these data as appropriate.
Below are some general guidelines to consider when building/developing a site.
Consider what data in your site is private or sensitive
Review all the fields collected by a site. It can be easiest to do this by looking at the table definitions and some data from the tables in your database. As you audit each row, consider:
- Should we even collect this information? You may find cases where Drupal is collecting information that you don't want it to.