Community Pick: Many members of our community have endorsed this article.
Editor's Choice: This article has been selected by our editors as an exceptional contribution.

Getting database issues resolved while managing sensitive information sensibly

mbizup
CERTIFIED EXPERT
Published:
Updated:
Experts-Exchange is a great place to come for help with solutions for your database issues, and many problems are resolved within minutes of being posted.  Others take a little more time and effort and often providing a sample database is very helpful in getting your questions answered.

Posting samples however, comes with responsibility and risks.  Your employer and clients have entrusted you with their databases and their data, and it is up to you to use care and respect when sharing applications with others.

So what kind of data is safe to share?

As a rule, you should never, ever post Personally Identifiable Information (PII).  In a nutshell, this is any information that can be used by itself or in conjunction with other collected data to identify or locate another person.   This article lists specific types of information that fall into this category, and discusses the potential hazards of sharing it:


Conversely, a database of recipes may (*see note) be okay to share, as it does not compromise sensitive information about other people.

In addition to PII, you should take into account whether your database contains:
-      Classified information (enough said)
-      Proprietary or competition sensitive information
-      Anything else your employer or clients do not want shared

Also keep in mind that it is not just data in your tables that can be sensitive.  Care should also be taken with code, designs, variable and object names, etc that may contain names, projects, work details or anything else that singly or combined compromise too much information.

*Note:
If there is any grey area or doubt, ask your employers or clients before posting.  While some data may seem harmless, if you are building a database for anyone other than yourself, it would be prudent to ask whether it can be shared (the database you are working on is ultimately someone else’s property).

Never assume…

Although many people recognize that the databases they are trusted with contain sensitive information, with the pressure to get problems resolved quickly, there are still common mistakes that are made.

Assuming that questions posted here are private to the EE community
While the activity on EE questions is limited to Members, anything  posted here can be found by anyone with an internet connection.

Posting a database with the intent of removing it after the question is resolved
 
Some authors do this, and sometimes it is even wrongly suggested by Experts.  Once a database is posted and is used as the basis for the discussion and the solution, it becomes an integral part of that thread.   The Mods do not delete posted samples.  In the interest of keeping the value of the questions and EE’s knowledgebase intact, they only replace the original uploads with comparable samples that have been sanitized by the Authors.   This is a lot of work for all involved, especially for the OP scrubbing the sample, and it can take a couple of weeks for deleted/replaced information to stop showing up in Google searches.  So it is best to do things right the first time around.

Emailing a sample containing sensitive information to a 'trusted' Expert
 
Even with private communication, someone who is not authorized to see the information is at the receiving end.  (Plus, EE does not allow email-based solutions)

While Experts-Exchange is a friendly and very helpful online community, there is simply no telling what is going to happen with sensitive information once it gets posted (or emailed), or how it will be used before it gets ‘cleaned up’.  The only thing that is certain is that it has left your control, and the bottom line is that information that should have been kept close has been compromised.

Tips for posting samples sensibly

Don’t rush to post a sample.  In most cases, if you describe your problem clearly, and respond to any requests for clarification a sample is not needed at all.  Your questions should stand on their own, with samples provided if needed for additional clarification or resolving trickier issues.

Whenever possible, create your samples from scratch.  This eliminates the possibility of accidentally copy/pasting and uploading sensitive information, since it makes you very aware of what you are including.  It also generally makes for a smaller sample, focused specifically on the issue you are trying to resolve – which is easier for the Experts to work with, and can lead to a quicker solution.

If it is not possible or reasonable to create a sample from scratch, create a new database and import only the portions needed to illustrate the issue at hand.  As you are doing so, ensure that your data, code, variable and object  names, etc are safe to share.  This method again limits the sample to just the important parts and is helpful in speeding a solution.

If you are sharing tables, remove any real data.  The actual data is almost never a factor in resolving problems – just the table structure, forms, code etc.  Having a few lines of junk data is usually enough.  It is useful to maintain a ‘development’ back-end with tables containing only junk data, which can be shared if needed.

If you feel a problem absolutely, positively cannot be resolved without posting a full database, take extreme care in what you post.  If there is sensitive information contained in that database, you should seriously consider options other than an online forum.

End

While this may seem like a lot of time and effort – especially with urgent, time sensitive problems to resolve, it is well worth it.  Carelessness in this area compromises the privacy of others and trust, and can put your job on the line.
22
7,052 Views
mbizup
CERTIFIED EXPERT

Comments (7)

Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Yes vote from me.  A great, well written article.
CERTIFIED EXPERT
Top Expert 2010

Commented:
A very enthusiastic "yes" from me!

BTW, the following tool may be helpful in generating dummy data for use in testing (and in asking/answering EE questions!).

http://www.randomdatagenerator.net/about/

It runs from Excel, but you can always create the data in Excel, and then import it into Access.

I was fortunate to snag a free copy when the author was looking for feedback.  I suspect that the very modest $35 cost earns back its cost in less than an hour for most of the professional developers here :)
CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2013

Author

Commented:
Thanks, Patrick -

I think a lot of employers would cover that $35!
CERTIFIED EXPERT
Fellow
Most Valuable Expert 2017

Commented:
Very nice....something long overdue!

  Now we only need a "sticky" feature so we could pin stuff like this to the top of the zones.

Jim.
Glenn RayUS Data Team Lead
CERTIFIED EXPERT
Top Expert 2014

Commented:
"Yes" vote from me as well.

Unfortunately in the MS Office zones, a lot of users don't check the properties of the sample files they attach.  Often,
their real name and company names are embedded in the data.  This article probably doesn't reach them.

When I post example file - either in questions or in reply to questions, I usually strip this information out as a precaution.

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.