Is the problem with a blanket set of rules not that DBAs work in varying industries? Many of these industries, particularly those with personal data, are covered by their own "code of ethics" and that applies to all staff, not just DBAs. Certainly in the financial industry in the UK, quality of data, accuracy of reporting, accessing data only with legitimate reasons and many of the other suggestions from the previous articles are already covered. Do we need separate legislation when we're already subject to the suggested restrictions?