Treat All Sensitive Data as Important

We know that not all the data in our company is important. We have databases that contain orders or inventory or schedules, often much of which isn't easily or directly related to an individual. At least, it's not if you have a normalized database. If you use SQL Server to emulate Excel spreadsheets, it's possible that most of the rows of information in your system contain sensitive data.

In some systems, there is definitely some data that is sensitive and needs more care than other data. We know this, and with legislation like the GDPR, we must protect this data. We also need to ensure we know where this data is, and having a good data catalog is important. This is something that few of us have, though I expect this to be a more regular part of our job as data professionals. SQL Server is building data classification into the product, which I am happy to see.

When data is sensitive, we need to treat it carefully, even if we don't like the content of the data. Recently there was a data breach from B&Q, a home improvement retailer in the UK, where 70,000 names were lost. These weren't customers, but rather people that had been caught stealing from the stores. Perhaps this was an honest mistake, on a data store with poor security. Perhaps no one thought this data needed security because these were criminals, or suspected criminals. Even if these were individuals that might be prosecuted by the company, their data still deserves the same protection as any other person's data.

I don't know what the fallout will be from this breach, and certainly most people would have little sympathy for criminals, but who knows just how accurate the data might be. I certainly think this is a situation where there is a high likelihood of legal action against the company if the proper GDPR notifications were not followed. Wouldn't that insult to injury? People caught or suspected of theft suing you because you leaked their personal information. I could certainly see management getting extra upset and terminating someone that forgot to secure these systems.

Lockdown or Let Them Free

by Steve Jones

SQLServerCentral.com

Editorial

Do we take security too far? Are we creating unnecessary rules for those that need to use the resources we support? Steve Jones talks today about security and how we might want to approach it when handling rights for developers.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

4.5 (2)

You rated this post out of 5. Change rating

2014-06-27 (first published: 2009-09-21)

217 reads

Discuss

Placing a Value on Data

by Steve Jones

SQLServerCentral.com

Editorial

What's your stolen data worth? It might be worth investigating, as Steve Jones suggests. Then you'll know how much you should be spending to protect it.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2009-08-05

66 reads

Discuss

The Danger of Algorithms

by Steve Jones

SQLServerCentral.com

Editorial

What problems occur because of the algorithm chosen to generate data? A new report says that social security numbers in the US can be predicted. Steve Jones has a few warnings about what algoriothms you choose.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2014-04-28 (first published: 2009-07-27)

326 reads

Discuss

Administering Securely

by Steve Jones

SQLServerCentral.com

Editorial

A common request is how can you secure SQL Server data and prevent the system administrator from viewing data. Steve Jones talks a little about the issue and how you can handle it.