Jim Youmans-439383 (3/20/2014)
I use to want to know how my data was secured and make sure it was not being put at risk. Use to being the key phase here.I was actually reprimanded (actual HR sit down and note put in my employee file) for "not being a team player" and for "refusing to follow instructions" because I would not copy sensitive personal information (including SSN and some CC numbers, all in clear text) from our production system to several development systems.
My boss told me that my job was to do as I was told and keep the servers running. Let Data Security worry about the security.
The sad truth is that being a DBA does not make you a "data professional" in most companies. It makes you a data monkey that had better do as you are told. If you put up a fuss, you will either get reprimanded or fired.
I left that company soon afterwards, but I have found the same attitude in most other companies that I have worked for.
In my 18 years or experience, the DBA "data professional" that you speak of, with any kind of real decision making power is a myth.
I wouldn't refuse, and I'd say the note was justified. It's a bad idea, but don't confuse your rights/responsibilities with the company's. I wouldn't copy the data unless my boss had given me a document saying I needed to do this, and I'd have notified him this was a potential issue.
At the end of the day, this isn't the same as some illegal activity. My job is to get work done and inform the company of potential issues with the process. If they still want it done and assume responsibility, I'm OK with that.