Hasty Briefs (beta)

Primary keys using UUID v7 are potentially an HR violation

9 hours ago
  • #Privacy
  • #UUID
  • #Compliance
  • UUID v7 embeds a timestamp in its first 48 bits, which can be extracted to infer a user's account creation time.
  • This timestamp can unintentionally reveal a user's minimum age, leading to potential age discrimination.
  • Other time-sortable IDs like ULID, KSUID, and Instagram IDs also encode timestamps, posing similar risks.
  • UUID v4 is recommended for sensitive data like applicant records as it does not contain embedded timestamps.
  • UUID v7 can still be used for non-sensitive data such as job postings or interview IDs.
  • Encrypting time-sortable IDs before exposing them can mitigate privacy risks.
  • Optimizing for database performance with UUID v7 can create compliance risks by leaking protected characteristics.
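To check whether an identifier you expose leaks a creation time, the following added example (not code from the summarized article) reads the 48-bit millisecond timestamp out of a UUID v7 and shows that a UUID v4 yields nothing. The helper names, the sample IDs, and the 2015-06-01 timestamp are constructed for illustration.

```python
import uuid
from datetime import datetime, timezone
from typing import Optional


def make_uuid7(ts_ms: int, rand_b: int = 0) -> uuid.UUID:
    """Build a UUID v7 carrying ts_ms (used only to create sample data)."""
    value = (ts_ms & ((1 << 48) - 1)) << 80   # bits 127..80: Unix time in ms
    value |= 0x7 << 76                        # bits 79..76: version 7
    value |= 0b10 << 62                       # bits 63..62: RFC variant
    value |= rand_b & ((1 << 62) - 1)         # bits 61..0: random payload
    return uuid.UUID(int=value)


def leaked_creation_time(id_str: str) -> Optional[datetime]:
    """Return the timestamp embedded in a UUID v7, or None for other versions."""
    u = uuid.UUID(id_str)
    if u.version != 7:
        return None                           # e.g. v4: all non-fixed bits are random
    return datetime.fromtimestamp((u.int >> 80) / 1000, tz=timezone.utc)


def account_age_years(id_str: str, now: datetime) -> Optional[int]:
    """Whole years since the ID was minted: the inference the article warns about."""
    created = leaked_creation_time(id_str)
    if created is None:
        return None
    return (now - created).days // 365


# Constructed samples: an applicant ID minted 2015-06-01 UTC, and a v4 ID.
SAMPLE_V7 = str(make_uuid7(1433116800000, rand_b=0x1234ABCD))
SAMPLE_V4 = "3f2b8c1e-9d4a-4e6b-8a7c-5d1f0e2b3c4d"

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for label, ident in (("v7", SAMPLE_V7), ("v4", SAMPLE_V4)):
        print(label, ident, leaked_creation_time(ident), account_age_years(ident, now))
```

Running the same check over every identifier that appears in URLs, API responses, or exports shows which record types need v4 IDs or encryption before exposure.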