I receive a daily feed from http://datalossdb.org/latest_incidents.rss which provides very basic information about data loss events. These data loss events are not situations where a database crashes and data is lost; they are events in which valuable or sensitive data is disclosed to unauthorized parties. Examples of these events are:
- Names, addresses and social security numbers of college students are published on the Internet.
- A document containing sensitive information is found in a trash can.
- Sensitive data stored on a laptop that is stolen from an employee's or auditor's automobile.
- A disk containing sensitive information about a business' customers is lost.
- A hacker gains access to a server containing sensitive data.
I have been watching this feed for quite some time and have been amazed at the frequency of these events. They occur on a daily basis and involve some rather significant organizations. It is very interesting to see that the events caused by hackers are a small percentage of the lot. The majority of them are the result of misplaced data or irresponsible disclosure.
There is a lot that can be done to protect data while it is in storage. There is also a lot that can be done to protect data as it travels from the database to the user interface and back again. Role-based security, encryption and other obfuscation methods provide the armored car effect for the data. But once data has been disclosed to an authorized person, the imperfect human factor enters the picture, and none of those controls travel with it.
A person who is otherwise authorized to view sensitive data might then save it in an Excel spreadsheet on their laptop, which gets stolen from their car. They might attach the information to an e-mail that they accidentally send to the entire company and their book club buddies. They might save that information on their favorite thumb drive, which falls out of their pocket as they answer their cell phone... and the examples go on and on.
It is an excellent practice for the DBA or developer to question the inclusion of sensitive data in an unprotected format on any vehicle of disclosure (a report, a data extract, a screen). The requestor may not realize that the data they see every day could be considered sensitive. The requestor may not fully understand the consequences of further disclosing this data to potentially unauthorized parties. It is very likely that the sensitive data is not needed at all except for record identification purposes, and an alternative piece of data that still identifies the record (a surrogate key, or a masked or tokenized form of the value) can be recommended.
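The substitution suggested above, worked through as an added example that is not part of the original post: a report extract is built from records that carry a Social Security number, but the SSN column is replaced before the extract leaves the database team. A keyed HMAC token stands in for the value so recipients can still match and group records, a masked form keeps only the last four digits, or the column is dropped entirely. The sample rows, the key and the column names are constructed for this example.

```python
"""Added example: strip sensitive identifiers from a report extract while
keeping a way to identify each record. Sample data and key are constructed."""
import csv
import hashlib
import hmac
import io
import re

# Constructed sample records; these SSNs are not real.
# Records 1001 and 1003 deliberately share an SSN to show that the
# token is stable (same input, same token) and still lets rows be matched.
STUDENTS = [
    {"student_id": 1001, "name": "Ada Example", "ssn": "123-45-6789", "gpa": 3.9},
    {"student_id": 1002, "name": "Ben Sample", "ssn": "987-65-4321", "gpa": 3.1},
    {"student_id": 1003, "name": "Cal Fixture", "ssn": "123-45-6789", "gpa": 2.8},
]

# Columns the DBA has decided must never appear in plain form on an extract.
SENSITIVE_COLUMNS = {"ssn"}

# Full SSN pattern used for the final "did anything leak" check.
FULL_SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def tokenize(value, key):
    """Stable, non-reversible surrogate for a sensitive value.

    HMAC-SHA256 under a key held only by the database team: the same SSN always
    maps to the same token, so the recipient can join or de-duplicate on it,
    but without the key the token cannot be turned back into the SSN.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def mask_ssn(ssn):
    """Keep only the last four digits, e.g. '***-**-6789'."""
    digits = ssn.replace("-", "")
    if len(digits) != 9 or not digits.isdigit():
        raise ValueError("expected a 9-digit SSN")
    return "***-**-" + digits[-4:]


def build_extract(rows, columns, key=b"", mode="token"):
    """Return the requested columns for each row with sensitive ones handled.

    mode="token": replace with the HMAC surrogate (needs key)
    mode="mask":  keep only the last four digits
    mode="drop":  leave the column out of the extract entirely
    """
    if mode not in ("token", "mask", "drop"):
        raise ValueError("unknown mode: %r" % mode)
    if mode == "token" and not key:
        raise ValueError("token mode requires a key")
    out = []
    for row in rows:
        new_row = {}
        for col in columns:
            value = row[col]
            if col in SENSITIVE_COLUMNS:
                if mode == "drop":
                    continue
                value = tokenize(value, key) if mode == "token" else mask_ssn(value)
            new_row[col] = value
        out.append(new_row)
    return out


def to_csv(rows):
    """Render the extract as CSV text, the form it would actually be e-mailed in."""
    if not rows:
        return ""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def extract_is_clean(text):
    """Last check before the file leaves: True if no full SSN appears anywhere."""
    return FULL_SSN.search(text) is None


if __name__ == "__main__":
    cols = ["student_id", "name", "ssn", "gpa"]
    for mode in ("token", "mask", "drop"):
        text = to_csv(build_extract(STUDENTS, cols, key=b"example-key", mode=mode))
        print("--- mode=%s clean=%s\n%s" % (mode, extract_is_clean(text), text))
```

The key used by `tokenize` stays with the database team; the recipient never needs it, because the token is only meant to identify a record, not to recover the SSN. `extract_is_clean` is the cheap final gate that catches the case where someone adds a new sensitive column to the query and forgets to list it in `SENSITIVE_COLUMNS`.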
The practice of sending reports, data extracts or user interface displays that contain unprotected sensitive information to their recipients is not unlike attaching a scroll of paper to the leg of a pigeon in the old pigeon post days. While it is a very effective method of delivering data to those in need of it, the path is fraught with falcons and hunters waiting to intercept the data.