Doug, I would start by talking to your H.R. management. The key term to use is HIPAA, if you are in the U.S. You can't do this task yourself, you need to work with the users. Obviously if you started deleting info, the app would stop working. But you need to approach the users carefully. You could gather a lot of information on your own, but the issue of a DBA browsing the data is a sensitive one. To do your job, under current Oracle versions, a DBA can access all the data, but the users don't like to hear that. They certainly don't want to hear you have lots of spare time on your hands to go browsing around. You might want to gently broach the subject with your concerns. Should they insist there is no sensitive data, you could then ask if they care if you browse around. Dennis Williams