privacy-by-design-rails


Privacy by Design with Rails 8


When generating or reviewing code that handles personal data, run the scanner first:

```shell
ruby .claude/skills/privacy-by-design-rails/scripts/scanner.rb --files <relevant files>
```

For deeper context on any topic, read the relevant reference file from `references/`.

What counts as PII? Any data that can identify a person directly or indirectly (GDPR Art. 4, LGPD Art. 5, NIST SP 800-122). This includes data that isn't identifying alone but becomes PII when linked to a person — farm names, animal names with known owners, license plates, vehicle VINs, student IDs, property addresses, social media handles, company names of sole proprietors, device IDs linked to accounts, IP addresses. See `references/pii-definition.md` for the full definition and linkability test. When in doubt, treat it as PII.

Quick Reference


| Principle | Rails Feature | File |
|---|---|---|
| Log + inspect filtering | `config.filter_parameters` (covers both) | references/log-and-output-protection.md |
| Per-model PII declaration | `self.filter_attributes` (self-documenting) | references/log-and-output-protection.md |
| Job arg protection (ActiveJob) | `self.log_arguments = false` (set in ApplicationJob) | references/log-and-output-protection.md |
| Job arg protection (Sidekiq) | Server middleware + pass IDs only | references/log-and-output-protection.md |
| PII redaction in logs | `logstop` gem | references/log-and-output-protection.md |
| IP anonymization | `ip_anonymizer` middleware | references/log-and-output-protection.md |
| Error reporter scrubbing | Scrub PII from Sentry/Rollbar/etc. | references/log-and-output-protection.md |
| APM/monitoring scrubbing | Scrub PII from AppSignal/NewRelic/etc. | references/log-and-output-protection.md |
| Data minimization | Strong parameters + serializers | references/data-minimization.md |
| Searchable encryption | `encrypts :field, deterministic: true` | references/encryption.md |
| Non-searchable encryption | `encrypts :field` | references/encryption.md |
| Password hashing | `has_secure_password` | references/encryption.md |
| Key rotation | `encrypts :field, previous: [...]` | references/encryption.md |
| Secrets management | `bin/rails credentials:edit` | references/secrets-management.md |
| Security auditing | bundler-audit, Brakeman, pdscan | references/secrets-management.md |
| HTTPS enforcement | `config.force_ssl = true` + HSTS | references/session-security.md |
| Session security | Signed cookies / Bearer tokens | references/session-security.md |
| Consent management | Immutable append-only audit trail | references/consent-management.md |
| Consent enforcement | Controller concern gating actions | references/consent-management.md |
| Consent-gated exports | `ConsentGatedExportSerializer` for processing | references/consent-management.md |
| Anonymization | Replace PII with `[ANONYMIZED]` | references/anonymization.md |
| Pseudonymization | HMAC hash preserving analytics links | references/pseudonymization.md |
| DSAR workflow | Access / Rectification / Erasure | references/dsar.md |
| Data retention | Solid Queue scheduled jobs | references/data-retention.md |
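The Pseudonymization and Anonymization rows above describe two different erasure outcomes: a keyed HMAC token that stays stable for analytics joins, and PII columns overwritten with `[ANONYMIZED]` while the row itself survives. This added example (not the skill's own `Pseudonymizable`/`Anonymizable` concerns) shows both in plain Ruby on a constructed stand-in for the User model; `pseudonymize`, `UserRecord` and `anonymize!` are assumed names.

```ruby
require "openssl"

ANONYMIZED = "[ANONYMIZED]".freeze

# Keyed HMAC pseudonym: the same input under the same secret always yields the
# same token, so analytics can still join rows on it, while the raw value cannot
# be recovered or recomputed without the secret. Input is normalized first.
def pseudonymize(value, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, value.to_s.strip.downcase)
end

# Constructed plain-Ruby stand-in for the page's User model (assumed name).
class UserRecord
  PII_FIELDS = %i[first_name last_name phone date_of_birth].freeze
  attr_accessor :id, :email_address, :first_name, :last_name, :phone, :date_of_birth
  attr_reader :anonymized_at

  def initialize(**attrs)
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  # Erasure that keeps the row, so dependents such as orders still have a
  # valid owner: PII columns are overwritten in place instead of deleting.
  def anonymize!(secret)
    # The searchable (deterministically encrypted) email is replaced with an
    # HMAC token so the slot stays unique but no longer identifies anyone.
    self.email_address = "#{pseudonymize(email_address, secret)}@anonymized.invalid"
    PII_FIELDS.each { |f| public_send("#{f}=", ANONYMIZED) }
    @anonymized_at = Time.now.utc
    self
  end

  def anonymized?
    PII_FIELDS.all? { |f| public_send(f) == ANONYMIZED }
  end
end
```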

Putting It All Together — The User Model


```ruby
class User < ApplicationRecord
  has_secure_password
  has_many :sessions, dependent: :destroy
  has_many :addresses, dependent: :destroy
  # Orders block destroy; a user with orders is erased via anonymization instead
  has_many :orders, dependent: :restrict_with_error
  has_many :consents, dependent: :destroy
  has_many :data_subject_requests, dependent: :destroy

  include Anonymizable
  include Pseudonymizable
  include DataExportable
  include HasConsent

  # Deterministic encryption keeps email searchable; the other fields are not queried
  encrypts :email_address, deterministic: true, downcase: true
  encrypts :first_name
  encrypts :last_name
  encrypts :phone
  encrypts :date_of_birth

  # Redacted from #inspect and log output; doubles as the model's PII declaration
  self.filter_attributes = %i[
    first_name last_name phone date_of_birth
    email_address password_digest
  ]

  enum :role, { customer: 0, admin: 1 }

  # Fields replaced with [ANONYMIZED] on erasure, and fields included in DSAR exports
  anonymizable :first_name, :last_name, :phone, :date_of_birth
  exportable :uuid, :email_address, :first_name, :last_name, :phone, :date_of_birth

  normalizes :email_address, with: ->(e) { e.strip.downcase }
end
```

Common Mistakes (not caught by scanner)


| Mistake | Fix |
|---|---|
| Deleting records with dependents for right to erasure | Prefer anonymization when the record has dependents — preserves referential integrity. Some authorities prefer true deletion, so check local requirements |
| Storing consents as a boolean flag | Use immutable append-only records for audit trail |
| Exposing sequential IDs in APIs | Use UUIDs as public identifiers |
| Manual data retention | Automate with Solid Queue scheduled jobs |
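The "consent as a boolean flag" mistake loses the history an auditor or a DSAR needs: who granted what, when, and under which policy version. This added example (plain Ruby, not the skill's own consent model or `HasConsent` concern) shows the append-only alternative: every grant or withdrawal is a new frozen event, and the current state is derived from the latest event rather than stored as a mutable column. `ConsentLedger` and `ConsentEvent` are assumed names.

```ruby
# Append-only consent ledger: events are only ever added, never edited or deleted.
ConsentEvent = Struct.new(:purpose, :action, :recorded_at, :source, :version) do
  def granted?
    action == :granted
  end
end

class ConsentLedger
  ACTIONS = %i[granted withdrawn].freeze

  def initialize
    @events = []
  end

  # Appends one immutable event. There is deliberately no update or delete method;
  # a change of mind is recorded as a new :withdrawn (or :granted) event.
  def record(purpose, action, source:, version:, at: Time.now.utc)
    raise ArgumentError, "unknown consent action #{action.inspect}" unless ACTIONS.include?(action)
    @events << ConsentEvent.new(purpose.to_sym, action, at, source, version).freeze
    self
  end

  # Current state is derived: the most recent event for the purpose decides
  # whether processing is allowed right now. No event at all means no consent.
  def consented?(purpose)
    latest = @events.select { |e| e.purpose == purpose.to_sym }.max_by(&:recorded_at)
    !latest.nil? && latest.granted?
  end

  # Full trail for one purpose, oldest first: what an audit or access request needs.
  def history(purpose)
    @events.select { |e| e.purpose == purpose.to_sym }.sort_by(&:recorded_at)
  end

  def size
    @events.size
  end
end
```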

External References


Consult these when you need the latest guidance or to verify patterns against official sources. Use WebFetch when needed — don't fetch all of them upfront.

Rails


GDPR


LGPD (Brazil)
