It's an interesting question, but it's ultimately a "damned if you do and damned if you don't" kind of scenario. If you were to devise a scenario allowing you to store data so that NOONE else can get to it, then you and you alone would be responsible for that data, which would put the company at a severe disadvantage if you to leave/be fired/step in front of the proverbial bus etc.... All of those aspects surrounding safeguarding the data (access/encryption/backups, auditing) would then need to fall on the end-user rather than any centralized role.

Someone ultimately needs to be able to retrieve your info in any of those scenarios or have access to the keys that unlock the access to said data (encryption keys, etc....), so someone has to be trusted with it. While at that point it might be desirable to break that up among several people, once you're at that point, it's really more a matter of knowing WHO has the access. It's funny - in many industries having someone in that role would actually be required, since pretty much anyone falling under Sarbanes/Oxley would need to functionally be able to retrieve sensitive data to turn over for review.

I'd say it's actually a little safer to presume that anyone in those few positions (DBA, domain admins, storage admins, etc...) will by nature have access to sensitive data, and should be trained and hired with these concerns in mind. This then kind of ties back into Brad's initial question: DBA's (and others) then become guardians of the data for the corporation.