So, when I get on a plane, I often have a newspaper with me. Whether you are on a plane, train, or anywhere in close quarters with other people, there is a bit of etiquette involved, and a standard trick that frequent travellers are supposed to know about. Adherence to this trick is unfortunately minimal, however. The trick is as follows: Take the paper as it was delivered, and unfold just the middle crease without opening the paper – you have only page 1 in front of you. Fold the paper in half lengthwise and backwards; you should be able to see the left half of page 1. Using this fold down the middle of the paper, you can read the entire paper without ever bothering the people sitting next to you.
When it comes to data, keeping everything in its place and not dispersing data into unwelcome areas is paramount. HR data is probably the most sensitive data in the organization. I’m not saying that other data that may contain trade secrets is not equally important, but HR knows stuff about our employees that they really don’t want released. While openness about jobs and salaries has seemed to increase with the younger generations, there is still a great deal of sensitivity around many issues, and certainly a large amount of data that must be protected from a compliance perspective (such as diversity information and ER claims). While we have tried to segregate data in such a way that prevents unauthorized access into the database, security and access rights to the systems of record are only the tip of the iceberg when it comes to unraveling the solution to this problem. Like an email, once a report is generated or an interface is created, the owner of the data simply loses control and can’t really ever be sure where that data is going to land.
There really aren’t any good solutions at this time. You can restrict data so that it does not land in a data warehouse, or prevent integration to other systems, but at some point, there will be a hardcopy report floating on a desk, waiting to be whisked off by the wrong person’s hands. I’m not really an advocate of putting huge amounts of controls on data. I think that you appoint a system of record, data owners, access rights, and do your best in a well-managed data environment. I am curious about what others are doing out there to prevent unauthorized or unplanned dissemination of sensitive data other than simple data governance and data management measures. Is there anything out there that can handle this yet?