Can someone shed light on how you or your company is protecting the most sensitive data (like Social Security, Credit Card or Bank Account numbers and financial information) from DBAs and other high level IT folks with complete access to Production data?
Whatever the process you follow, the privacy protection processes should not prevent authorized persons from obtaining the right data at the right times. Please share your experiences.
I think similar to Oracle FAST, Teradata Fast Masking data maybe doing. Maybe you can enquire about this tool. Else you may need to evolve an algorithm , writing your own like substituting those values with something else, whereas their actual values are stored somewhere else.
Primarily, i have seen following approaches:
- Basic one, get them sign NDA .... and enforce it
- Give access via views and encrypt data
- For selected few reports having sensitve information, export [encrypted] dataset and build reports on top of it .... giving the end-user a key to decrypt results
- Most interesting i found out was .... client had a seperate DB with all sensitive information and nothing was visibile to anyone .... but 1 [in-house developed] application used to generate reports using a mix of UDFs, external procs and file based processing .... was the most complex, but cleanest approach.
The concern in all options is that by the end of the day .... someone will have an access to sensitive data and this can't be worked-around.
Thanks guys, i am glad to know that there are some products available in this domain.
Coming to "sign NDA .... and enforce it", are you saying generating access reports for DBA user ids from DBC.QryLog?
NDA is (confidentinal) non-disclosure agreeement, signed by two parties( say an employee signed an NDA with the employer) so that few secret things should be respected and not to be divulged outside. I did sign few NDA dcouments when I worked for few organizations(say banks and insurance companies) in the US and Europe so that I don't disclose any secrets of theirs.
But as Adeel , pointed out, high chances of leakages maybe there, by some means or there, intentionally or unintentionally :). However, you have choices of implementing the best options of them.
Secret things can be account,customer names, agreement clauses etc