SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Treat All Sensitive Data as Important

By Steve Jones,

We know that not all the data in our company is important. We have databases that contain orders or inventory or schedules, often much of which isn't easily or directly related to an individual. At least, it's not if you have a normalized database. If you use SQL Server to emulate Excel spreadsheets, it's possible that most of the rows of information in your system contain sensitive data.

In some systems, there is definitely some data that is sensitive and needs more care than other data. We know this, and with legislation like the GDPR, we must protect this data. We also need to ensure we know where this data is, and having a good data catalog is important. This is something that few of us have, though I expect this to be a more regular part of our job as data professionals. SQL Server is building data classification into the product, which I am happy to see.

When data is sensitive, we need to treat it carefully, even if we don't like the content of the data. Recently there was a data breach from B&Q, a home improvement retailer in the UK, where 70,000 names were lost. These weren't customers, but rather people that had been caught stealing from the stores. Perhaps this was an honest mistake, on a data store with poor security. Perhaps no one thought this data needed security because these were criminals, or suspected criminals. Even if these were individuals that might be prosecuted by the company, their data still deserves the same protection as any other person's data.

I don't know what the fallout will be from this breach, and certainly most people would have little sympathy for criminals, but who knows just how accurate the data might be. I certainly think this is a situation where there is a high likelihood of legal action against the company if the proper GDPR notifications were not followed. Wouldn't that insult to injury? People caught or suspected of theft suing you because you leaked their personal information. I could certainly see management getting extra upset and terminating someone that forgot to secure these systems.

Total article views: 30 | Views in the last 30 days: 30
Related Articles

Bad IT People

What happens when you have bad IT people working in your company? Steve Jones says that they always ...


Why Do People Leave a Good Company?

  When people join a company, it’s usually with a sense of anticipation, of excitement, and of en...


Company Rewards

Is there something that your company could do for you that would show that they valued your employme...


Big Companies are Improving with DevOps

Steve Jones notes that not just the small, startup, agile companies use DevOps. Nor is it just techn...


We are All Data Companies

Many companies are data companies, whether they realize it or not.