SQLServerCentral Editorial

What Data Should You Protect?

,

I'm starting to think that we might need to protect almost all data. Perhaps even encrypting more fields in our systems than we have in the past. After reading this article about how 10 digits are enough to identify you, I'm more than a little worried.

The article talks about only needing your birthday, your zip code, and gender to positively identify the vast majority of people in the US. That's not much information, and it definitely means I'm definitely not giving out my birthday anymore to the vast majority of people that ask for it. I'll likely not even use my current zip code anymore since most of the places that ask about it are probably fine with knowing the general area and don't need the specific code.

More and more it appears that it is possible to single out people using online systems because of the algorithms used. There are smart people out there looking to find out how things work and challenge themselves to do so. There are other smart people out there looking to exploit this information for criminal purposes. In both cases, it makes for a scary online world.

More and more I think that we should be using identity information less and less, and sticking with pseudonyms, "handles" and surrogate keys to allow us to interact with clients and customers. How often do we really need to keep accurate personal information about people? I think that the drive by database people to have "accurate" information leads us to gather and store more than we need.

As DBAs, I think it's important to really stop and think about what information we need to store about someone when designing a data model. The business people will always want everything, and while I think more data is usually better, I'm not so sure in this case.

Be a responsible data modeler, and take into account privacy and security information when you build your model.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Rate

5 (1)

You rated this post out of 5. Change rating

Share

Share

Rate

5 (1)

You rated this post out of 5. Change rating