January 25, 2023 at 12:00 am
Comments posted to this topic are about the item Losing Track of Data
January 25, 2023 at 8:54 pm
Well, you can't just sit down and ask a handful of software engineers or DBAs.
A few years back, I worked on a team implementing a CCPA compliance project - or an enterprise-wide customer delete / anonymization project. Phase 1 involved a series of meetings that included representatives across all IT and business teams where we learned about how CCPA defines PII and also we added a few of our own additions as well like IP addresses. A couple of business analysts would interview team members and compile basically a data dictionary. I told them to collect the complete server, database, table, and column names that contain PII, because this document eventually became the reference data that drives the CCPA update process that I developed.
It takes a village.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
January 25, 2023 at 9:09 pm
That it does. Especially with all the self-service stuff in many orgs.
January 26, 2023 at 9:23 am
I'm remembering SQLSlammer. Many SQL shops got caught out even though they had patched every SQL Server they knew about.
It was the MSDE instances they didn't know about that slaughtered them.
If you can miss entire instances then missing the data is really easy.
Then there are all those Excel sheets and SharePoint sites in an organisation.
I did a POC with a variety of PII scanners. Our compliance and risk folk aged 10 years in 1 week.
January 26, 2023 at 1:47 pm
A related problem I see is that they know where the data is, but the same data is in so many different places there is no understanding of what source is the truth.
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
January 26, 2023 at 3:55 pm
I'm remembering SQLSlammer. Many SQL shops got caught out even though they had patched every SQL Server they knew about.
It was the MSDE instances they didn't know about that slaughtered them.
If you can miss entire instances then missing the data is really easy.
Then there are all those Excel sheets and SharePoint sites in an organisation.
I did a POC with a variety of PII scanners. Our compliance and risk folk aged 10 years in 1 week.
Killed us at JDE. We used it embedded in a product, so it was on so many dev workstations, as well as customers' installs. It wasn't in a default location and we had to get MS to make a special patch that wasn't looking on the c: drive.
January 26, 2023 at 3:55 pm
A related problem I see is that they know where the data is, but the same data is in so many different places there is no understanding of what source is the truth.
A whole different mess, where you might not know what your risk is with slightly different data everywhere. I could see someone having "Steve Jones" in a few places, with two or more email addresses.