<

Getting database issues resolved while managing sensitive information sensibly

Published on
17,198 Points
5,498 Views
22 Endorsements
Last Modified:
Awarded
Experts-Exchange is a great place to come for help with solutions for your database issues, and many problems are resolved within minutes of being posted.  Others take a little more time and effort and often providing a sample database is very helpful in getting your questions answered.

Posting samples however, comes with responsibility and risks.  Your employer and clients have entrusted you with their databases and their data, and it is up to you to use care and respect when sharing applications with others.

So what kind of data is safe to share?

As a rule, you should never, ever post Personally Identifiable Information (PII).  In a nutshell, this is any information that can be used by itself or in conjunction with other collected data to identify or locate another person.   This article lists specific types of information that fall into this category, and discusses the potential hazards of sharing it:


Conversely, a database of recipes may (*see note) be okay to share, as it does not compromise sensitive information about other people.

In addition to PII, you should take into account whether your database contains:
-      Classified information (enough said)
-      Proprietary or competition sensitive information
-      Anything else your employer or clients do not want shared

Also keep in mind that it is not just data in your tables that can be sensitive.  Care should also be taken with code, designs, variable and object names, etc that may contain names, projects, work details or anything else that singly or combined compromise too much information.

*Note:
If there is any grey area or doubt, ask your employers or clients before posting.  While some data may seem harmless, if you are building a database for anyone other than yourself, it would be prudent to ask whether it can be shared (the database you are working on is ultimately someone else’s property).

Never assume…

Although many people recognize that the databases they are trusted with contain sensitive information, with the pressure to get problems resolved quickly, there are still common mistakes that are made.

Assuming that questions posted here are private to the EE community
While the activity on EE questions is limited to Members, anything  posted here can be found by anyone with an internet connection.

Posting a database with the intent of removing it after the question is resolved
 
Some authors do this, and sometimes it is even wrongly suggested by Experts.  Once a database is posted and is used as the basis for the discussion and the solution, it becomes an integral part of that thread.   The Mods do not delete posted samples.  In the interest of keeping the value of the questions and EE’s knowledgebase intact, they only replace the original uploads with comparable samples that have been sanitized by the Authors.   This is a lot of work for all involved, especially for the OP scrubbing the sample, and it can take a couple of weeks for deleted/replaced information to stop showing up in Google searches.  So it is best to do things right the first time around.

Emailing a sample containing sensitive information to a 'trusted' Expert
 
Even with private communication, someone who is not authorized to see the information is at the receiving end.  (Plus, EE does not allow email-based solutions)

While Experts-Exchange is a friendly and very helpful online community, there is simply no telling what is going to happen with sensitive information once it gets posted (or emailed), or how it will be used before it gets ‘cleaned up’.  The only thing that is certain is that it has left your control, and the bottom line is that information that should have been kept close has been compromised.

Tips for posting samples sensibly

Don’t rush to post a sample.  In most cases, if you describe your problem clearly, and respond to any requests for clarification a sample is not needed at all.  Your questions should stand on their own, with samples provided if needed for additional clarification or resolving trickier issues.

Whenever possible, create your samples from scratch.  This eliminates the possibility of accidentally copy/pasting and uploading sensitive information, since it makes you very aware of what you are including.  It also generally makes for a smaller sample, focused specifically on the issue you are trying to resolve – which is easier for the Experts to work with, and can lead to a quicker solution.

If it is not possible or reasonable to create a sample from scratch, create a new database and import only the portions needed to illustrate the issue at hand.  As you are doing so, ensure that your data, code, variable and object  names, etc are safe to share.  This method again limits the sample to just the important parts and is helpful in speeding a solution.

If you are sharing tables, remove any real data.  The actual data is almost never a factor in resolving problems – just the table structure, forms, code etc.  Having a few lines of junk data is usually enough.  It is useful to maintain a ‘development’ back-end with tables containing only junk data, which can be shared if needed.

If you feel a problem absolutely, positively cannot be resolved without posting a full database, take extreme care in what you post.  If there is sensitive information contained in that database, you should seriously consider options other than an online forum.

End

While this may seem like a lot of time and effort – especially with urgent, time sensitive problems to resolve, it is well worth it.  Carelessness in this area compromises the privacy of others and trust, and can put your job on the line.
22
Comment
Author:mbizup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 38

Expert Comment

by:younghv
Really solid advice for all of our members - and not just in the Access Zones. We see a lot of critically private information in screenshots over in the OS and Malware Zones.

"Yes" vote above.
0
 

Expert Comment

by:Modalot
Voted "Yes". This is important information, as the Moderators indeed receive many support requests regarding removing sensitive content, or even deleting solved questions.

Modalot
Community Support Moderator
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Yes vote from me.  A great, well written article.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Administrative Comment

by:RockMod
Yes from me as well
0
 
LVL 92

Expert Comment

by:Patrick Matthews
A very enthusiastic "yes" from me!

BTW, the following tool may be helpful in generating dummy data for use in testing (and in asking/answering EE questions!).

http://www.randomdatagenerator.net/about/

It runs from Excel, but you can always create the data in Excel, and then import it into Access.

I was fortunate to snag a free copy when the author was looking for feedback.  I suspect that the very modest $35 cost earns back its cost in less than an hour for most of the professional developers here :)
0
 
LVL 61

Author Comment

by:mbizup
Thanks, Patrick -

I think a lot of employers would cover that $35!
0
 
LVL 58

Expert Comment

by:Jim Dettman (Microsoft MVP/ EE MVE)
Very nice....something long overdue!

  Now we only need a "sticky" feature so we could pin stuff like this to the top of the zones.

Jim.
0
 
LVL 27

Expert Comment

by:Glenn Ray
"Yes" vote from me as well.

Unfortunately in the MS Office zones, a lot of users don't check the properties of the sample files they attach.  Often,
their real name and company names are embedded in the data.  This article probably doesn't reach them.

When I post example file - either in questions or in reply to questions, I usually strip this information out as a precaution.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Join & Write a Comment

In Microsoft Access, learn how to use Dlookup and other domain aggregate functions and one method of specifying a string value within a string. Specify the first argument, which is the expression to be returned: Specify the second argument, which …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month