Re: removing/masking sensitive data

  • From: "Dennis Williams" <oracledba.williams@xxxxxxxxx>
  • To: dag@xxxxxxxxxxxxxxx
  • Date: Mon, 18 Dec 2006 10:21:52 -0600


I would start by talking to your H.R. management. The key term to use is
HIPAA, if you are in the U.S.
You can't do this task yourself, you need to work with the users. Obviously
if you started deleting info, the app would stop working.
But you need to approach the users carefully. You could gather a lot of
information on your own, but the issue of a DBA browsing the data is a
sensitive one.
To do your job, under current Oracle versions, a DBA can access all the
data, but the users don't like to hear that. They certainly don't want to
hear you have lots of spare time on your hands to go browsing around.
You might want to gently broach the subject with your concerns. Should they
insist there is no sensitive data, you could then ask if they care if you
browse around.

Dennis Williams

Other related posts: