Getting database issues resolved while managing sensitive information sensibly

Published on
17,734 Points
22 Endorsements
Last Modified:
Experts-Exchange is a great place to come for help with solutions for your database issues, and many problems are resolved within minutes of being posted.  Others take a little more time and effort and often providing a sample database is very helpful in getting your questions answered.

Posting samples however, comes with responsibility and risks.  Your employer and clients have entrusted you with their databases and their data, and it is up to you to use care and respect when sharing applications with others.

So what kind of data is safe to share?

As a rule, you should never, ever post Personally Identifiable Information (PII).  In a nutshell, this is any information that can be used by itself or in conjunction with other collected data to identify or locate another person.   This article lists specific types of information that fall into this category, and discusses the potential hazards of sharing it:

Conversely, a database of recipes may (*see note) be okay to share, as it does not compromise sensitive information about other people.

In addition to PII, you should take into account whether your database contains:
-      Classified information (enough said)
-      Proprietary or competition sensitive information
-      Anything else your employer or clients do not want shared

Also keep in mind that it is not just data in your tables that can be sensitive.  Care should also be taken with code, designs, variable and object names, etc that may contain names, projects, work details or anything else that singly or combined compromise too much information.

If there is any grey area or doubt, ask your employers or clients before posting.  While some data may seem harmless, if you are building a database for anyone other than yourself, it would be prudent to ask whether it can be shared (the database you are working on is ultimately someone else’s property).

Never assume…

Although many people recognize that the databases they are trusted with contain sensitive information, with the pressure to get problems resolved quickly, there are still common mistakes that are made.

Assuming that questions posted here are private to the EE community
While the activity on EE questions is limited to Members, anything  posted here can be found by anyone with an internet connection.

Posting a database with the intent of removing it after the question is resolved
Some authors do this, and sometimes it is even wrongly suggested by Experts.  Once a database is posted and is used as the basis for the discussion and the solution, it becomes an integral part of that thread.   The Mods do not delete posted samples.  In the interest of keeping the value of the questions and EE’s knowledgebase intact, they only replace the original uploads with comparable samples that have been sanitized by the Authors.   This is a lot of work for all involved, especially for the OP scrubbing the sample, and it can take a couple of weeks for deleted/replaced information to stop showing up in Google searches.  So it is best to do things right the first time around.

Emailing a sample containing sensitive information to a 'trusted' Expert
Even with private communication, someone who is not authorized to see the information is at the receiving end.  (Plus, EE does not allow email-based solutions)

While Experts-Exchange is a friendly and very helpful online community, there is simply no telling what is going to happen with sensitive information once it gets posted (or emailed), or how it will be used before it gets ‘cleaned up’.  The only thing that is certain is that it has left your control, and the bottom line is that information that should have been kept close has been compromised.

Tips for posting samples sensibly

Don’t rush to post a sample.  In most cases, if you describe your problem clearly, and respond to any requests for clarification a sample is not needed at all.  Your questions should stand on their own, with samples provided if needed for additional clarification or resolving trickier issues.

Whenever possible, create your samples from scratch.  This eliminates the possibility of accidentally copy/pasting and uploading sensitive information, since it makes you very aware of what you are including.  It also generally makes for a smaller sample, focused specifically on the issue you are trying to resolve – which is easier for the Experts to work with, and can lead to a quicker solution.

If it is not possible or reasonable to create a sample from scratch, create a new database and import only the portions needed to illustrate the issue at hand.  As you are doing so, ensure that your data, code, variable and object  names, etc are safe to share.  This method again limits the sample to just the important parts and is helpful in speeding a solution.

If you are sharing tables, remove any real data.  The actual data is almost never a factor in resolving problems – just the table structure, forms, code etc.  Having a few lines of junk data is usually enough.  It is useful to maintain a ‘development’ back-end with tables containing only junk data, which can be shared if needed.

If you feel a problem absolutely, positively cannot be resolved without posting a full database, take extreme care in what you post.  If there is sensitive information contained in that database, you should seriously consider options other than an online forum.


While this may seem like a lot of time and effort – especially with urgent, time sensitive problems to resolve, it is well worth it.  Carelessness in this area compromises the privacy of others and trust, and can put your job on the line.
LVL 38

Expert Comment

Really solid advice for all of our members - and not just in the Access Zones. We see a lot of critically private information in screenshots over in the OS and Malware Zones.

"Yes" vote above.

Expert Comment

Voted "Yes". This is important information, as the Moderators indeed receive many support requests regarding removing sensitive content, or even deleting solved questions.

Community Support Moderator
LVL 76

Expert Comment

by:Alan Hardisty
Yes vote from me.  A great, well written article.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Administrative Comment

Yes from me as well
LVL 93

Expert Comment

by:Patrick Matthews
A very enthusiastic "yes" from me!

BTW, the following tool may be helpful in generating dummy data for use in testing (and in asking/answering EE questions!).


It runs from Excel, but you can always create the data in Excel, and then import it into Access.

I was fortunate to snag a free copy when the author was looking for feedback.  I suspect that the very modest $35 cost earns back its cost in less than an hour for most of the professional developers here :)
LVL 61

Author Comment

Thanks, Patrick -

I think a lot of employers would cover that $35!
LVL 61

Expert Comment

by:Jim Dettman (Microsoft MVP/ EE MVE)
Very nice....something long overdue!

  Now we only need a "sticky" feature so we could pin stuff like this to the top of the zones.

LVL 28

Expert Comment

by:Glenn Ray
"Yes" vote from me as well.

Unfortunately in the MS Office zones, a lot of users don't check the properties of the sample files they attach.  Often,
their real name and company names are embedded in the data.  This article probably doesn't reach them.

When I post example file - either in questions or in reply to questions, I usually strip this information out as a precaution.

Featured Post

Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
A query can call a function, and a function can call Excel, even though we are in Access. This is Part 2, and steps you through the VBA that "wraps" Excel functionality so we can use its worksheet functions in Access. The declaration statement de…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month