At one time our data used to be secured in a file cabinet that was locked when the person in charge of that data was not around. We are a far cry from that. While we have somewhat mastered the ability to store seemingly endless amounts of data as you described, Steve, we have not even begun to master the access controls, restrictions, guidelines, etc that should be placed on that data. Many will express their frustration with things like Sarbanes Oxley or HIPAA yet in the days of the file cabinet you would have had to go through one or two people to get access to that data, and they would be looking over their glasses at you wondering why you need to see it. Even if they did let you have access they would probably only have given you the detail which you needed, not all the other information that you could easily see by looking through the whole file. I have been in the medical records room putting computers in place, being watched by one of the staff to make sure that my eyes were staying on the task at hand. When they all had to leave the room, so did I. Now, with everything going in the database, there are many more people with access to that same data which was once vigilantly protected.

Somehow we need to get to the place where we are able to master data access in such a way that people, by job definition, only get to see the data that they truly need, and yet all jobs functions are able to work flawlessly without being constrained by those same restrictions. Utopia? Maybe. Regardless, that is going to mean that companies are going to need to put a higher value on security of data, and through that they will force other companies to come up with better ways of controlling that access. You can do that to a certain degree today with the security mechanisms in SQL Server, but something more robust is needed, another layer maybe, that is abstracted to the level of job title / description. Government mandates are not the solution though. You, me, we, putting a value on our data, and holding companies accountable to the security of that data is what is going to drive this. We as the consumer, need to find those companies that are protecting our data, and then use them, regardless of our technical bias, etc. When we start using those companies that are serious about data protection, then you will see more companies doing that. Look at the organic industry. People got serious about the quality of their food, and what was once a small niche market now has every food manufacturer fighting to get a foothold in that market. They have changed for the desires of the consumer. Hmmm, sounds like capitalism at the data level. 🙂

Just my thoughts.....