Experts-Exchange is a great place to come for help with solutions for your database issues, and many problems are resolved within minutes of being posted. Others take a little more time and effort and often providing a sample database is very helpful in getting your questions answered.
Posting samples however, comes with responsibility and risks. Your employer and clients have entrusted you
with their databases and their data, and it is up to you to use care and respect when sharing applications with others.
So what kind of data is safe to share?
As a rule, you should never, ever
post Personally Identifiable Information (PII). In a nutshell, this is any information that can be used by itself or in conjunction with other collected data to identify or locate another person. This article lists specific types of information that fall into this category, and discusses the potential hazards of sharing it:
Conversely, a database of recipes may (*
see note) be okay to share, as it does not compromise sensitive information about other people.
In addition to PII, you should take into account whether your database contains:
- Classified information (enough said)
- Proprietary or competition sensitive information
- Anything else your employer or clients do not want shared
Also keep in mind that it is not just data in your tables that can be sensitive. Care should also be taken with code, designs, variable and object names, etc that may contain names, projects, work details or anything else that singly or combined compromise too much information.
If there is any grey area or doubt, ask your employers or clients before posting. While some data may seem harmless, if you are building a database for anyone other than yourself, it would be prudent to ask whether it can be shared (the database you are working on is ultimately someone else’s property).
Although many people recognize that the databases they are trusted with contain sensitive information, with the pressure to get problems resolved quickly, there are still common mistakes that are made.
Assuming that questions posted here are private to the EE community
While the activity on EE questions is limited to Members, anything posted here can be found by anyone with an internet connection.
Posting a database with the intent of removing it after the question is resolved
Some authors do this, and sometimes it is even wrongly suggested by Experts. Once a database is posted and is used as the basis for the discussion and the solution, it becomes an integral part of that thread. The Mods do not delete posted samples. In the interest of keeping the value of the questions and EE’s knowledgebase intact, they only replace the original uploads with comparable samples that have been sanitized by the Authors. This is a lot of work for all involved, especially for the OP scrubbing the sample, and it can take a couple of weeks for deleted/replaced information to stop showing up in Google searches. So it is best to do things right the first time around.
Emailing a sample containing sensitive information to a 'trusted' Expert
Even with private communication, someone who is not authorized to see the information is at the receiving end. (Plus, EE does not allow email-based solutions)
While Experts-Exchange is a friendly and very helpful online community, there is simply no telling what is going to happen with sensitive information once it gets posted (or emailed), or how it will be used before it gets ‘cleaned up’. The only thing that is certain is that it has left your control, and the bottom line is that information that should have been kept close has been compromised.
Tips for posting samples sensibly
Don’t rush to post a sample. In most cases, if you describe your problem clearly, and respond to any requests for clarification a sample is not needed at all. Your questions should stand on their own, with samples provided if needed for additional clarification or resolving trickier issues.
Whenever possible, create your samples from scratch. This eliminates the possibility of accidentally copy/pasting and uploading sensitive information, since it makes you very aware of what you are including. It also generally makes for a smaller sample, focused specifically on the issue you are trying to resolve – which is easier for the Experts to work with, and can lead to a quicker solution.
If it is not possible or reasonable to create a sample from scratch, create a new database and import only the portions needed to illustrate the issue at hand. As you are doing so, ensure that your data, code, variable and object names, etc are safe to share. This method again limits the sample to just the important parts and is helpful in speeding a solution.
If you are sharing tables, remove any real data. The actual data is almost never a factor in resolving problems – just the table structure, forms, code etc. Having a few lines of junk data is usually enough. It is useful to maintain a ‘development’ back-end with tables containing only junk data, which can be shared if needed.
If you feel a problem absolutely, positively cannot be resolved without posting a full database, take extreme care in what you post. If there is sensitive information contained in that database, you should seriously consider options other than an online forum.
While this may seem like a lot of time and effort – especially with urgent, time sensitive problems to resolve, it is well worth it. Carelessness in this area compromises the privacy of others and trust, and can put your job on the line.