Be Responsible

  • skjoldtc (3/2/2010)


    I would guess that management doesn't know about it. On other sites I've seen user i.d.s and passwords posted.

    It terrifies me when I see posts along the lines of

    "Login is failing. My username is sa and the password is <insert simple password here>"

    Seriously....

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Steve, does the forum software limit the length of the post at all? I don't run a technical site, but we limit our forum posts to 7,000 bytes (text only, including Html markup). Turns out you can actually fit quite a bit in 7,000 bytes.

  • Ron Kane (3/2/2010)


    I agree and am slightly concerned that anyone would ever look at posting the data and think it was a good idea.

    But in the UK we have a Data Protection Act that used to (and I have not checked this for a while) put us between a rock and a hard place. We would not be allowed to test on personal data:

    {Joe | Bloggs | 13 Anywhere St. | London}

    But at the same time creating "Altered" personal data could also break the law, so if the above data became:

    {Joe | Bloggs | 25 Here Road | Manchester}

    We were then storing incorrect data about Joe Bloggs, an offence under the act. Not sure if we also have a problem with storing incorrect info in general (as Joe does not actually exist putting him into my database would also be an offence).

    The solution is of course plain and extremely simple:

    1) do not test on the production databas if your tests could imaginably update anything in it, do your testing instead on a test system with a test database containing test data not real data.

    2) do not put real data in your test database, even if you intend to alter it to be unreal. Either use an existing data generator or write yourself one. This way you don't have to register the test database under the act.

    Also, it's a help to understand the law: a database which contains personally identifiable data has to be registered and has to have a data controller; the data controller is required to ensure that the database is not used for any purpose other than the purposes it is registered for (and you could register some types of testing as a use) and for ensuring that the data is accurate (which is why it will probably be illegal to test on the production database any code that does updates). The "keep it accurate" bit could make backup and recovery a bit of a nightmare if interpreted stupidly but so far the DP registrar's office has not made any stupid interpretations.

    I only mention it because the data generator is a good idea and should be in anyone's testing toolkit but sometimes we struggle under badly written laws that need reform.

    I know this was the case the last time I read an editorial on this in the UK but don't know if the situation has been resolved. Of course the answer is not to tell the police about every testing database you ever create 😀

    If you believe everything you read in editorials you may eventually find that some of what you believe is not true. Certainly if the editorial referred to suggest that any database ever had to be notified to the police under the DPA it was absolutely incorrect. And there's no need even to register the database with the data protection registrar unless it contains personally identifiable information about real people, which your test database should not do.

    Tom

  • Karen Lopez - InfoAdvisors (3/2/2010)


    You would not believe the types of behaviour that management puts up with just because they have such a hard time filling specialized roles:

    I read your list and every story was appalling, I hope (and believe) that any company I've ever been in would have fired all or at least most of the offenders you describe.

    Tom

  • Tom,

    unfortunately I think it is much harder than that to fire someone. At least on a first offense. I agree with you, but I wonder if most of the companies I've worked at would have fired someone for those items.

  • kevin77 (3/3/2010)


    Steve, does the forum software limit the length of the post at all? I don't run a technical site, but we limit our forum posts to 7,000 bytes (text only, including Html markup). Turns out you can actually fit quite a bit in 7,000 bytes.

    Don't see a setting to limit things in this software.

  • Steve Jones - Editor (3/7/2010)


    Tom,

    unfortunately I think it is much harder than that to fire someone. At least on a first offense. I agree with you, but I wonder if most of the companies I've worked at would have fired someone for those items.

    Oh, I agree it's hard to fire someone (probably even harder on this side of the pond than in the US) but some of those offences were fairly extreme and one theme running through the list was that offenders continued to offend after being told to stop doing it. If clear warnings were given at first offence the continued offending should make them comparatively easy to fire.

    Tom

  • Tom.Thomson

    If clear warnings were given at first offence the continued offending should make them comparatively easy to fire.

    Used to work for company where the first offense was titled "Verbal Warning" although the manager of the individual recorded the warning in writing, which was then placed in the employees personnel file.

    Second offense was titled "Written Warning". Supervising manager wrote up the offense and instructions to the individual regarding same. The closing sentence in this warning was "Continued infraction of rules of conduct / security / or other action deemed injurious to the company may result in your immediate termination." That document had to be signed by the manager and the employee and the employee was given a copy.

    The third warning also titled "Written warning" if required, ended with the sentence "Your continued actions in this matter has violated previous warning and you are hereby suspended without pay for a period of one week. You will be escorted from the building immediately and may not return to your work station. Should you request that your personal items be returned to you they will be examined and made available to you at the main gate at noon of the third day of your suspension"

    Never had anyone return from suspension, and no legal action bought against the compnay. True was in U.S.A. so do not know if it would hold up legally in other countries.

    If everything seems to be going well, you have obviously overlooked something.

    Ron

    Please help us, help you -before posting a question please read[/url]
    Before posting a performance problem please read[/url]

  • bitbucket-25253 (3/7/2010)


    Tom.Thomson

    If clear warnings were given at first offence the continued offending should make them comparatively easy to fire.

    Used to work for company where the first offense was titled "Verbal Warning" although the manager of the individual recorded the warning in writing, which was then placed in the employees personnel file.

    Second offense was titled "Written Warning". Supervising manager wrote up the offense and instructions to the individual regarding same. The closing sentence in this warning was "Continued infraction of rules of conduct / security / or other action deemed injurious to the company may result in your immediate termination." That document had to be signed by the manager and the employee and the employee was given a copy.

    The third warning also titled "Written warning" if required, ended with the sentence "Your continued actions in this matter has violated previous warning and you are hereby suspended without pay for a period of one week. You will be escorted from the building immediately and may not return to your work station. Should you request that your personal items be returned to you they will be examined and made available to you at the main gate at noon of the third day of your suspension"

    Never had anyone return from suspension, and no legal action bought against the compnay. True was in U.S.A. so do not know if it would hold up legally in other countries.

    Ron

    Very similar verbiage to a place I once worked. However, they frequently jumped the first two steps. Due to that, they lost a lot of employees. Infractions were not as serious as those listed by Karen.

    Tom,

    I agree that it should be easier to terminate a person for these types of infractions. If there is a paper trail, then the company needs to protect itself.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw[/url]
    Learn Extended Events

  • bitbucket-25253 (3/7/2010)


    Never had anyone return from suspension, and no legal action bought against the compnay. True was in U.S.A. so do not know if it would hold up legally in other countries.

    That is part of the sort of process I had in mind when I said clear warings at first offence would make it easier to fire (and of course the verbal warnings have to be recorded so that there is a paper trail, as you point out, verbal doesn't mean they are not written down). In the UK there is a statutory code governing disciplinary procedures, and this does not specify verbal warnings, the idea being I think that it's better for the employee to have it in writing from the start, but many companies' disiplinary proceedings do include verbal first warnings.

    Depending on the seriousness of the offence, there might be additional types of warning and maybe one warning instead of two would be enough in the case of really serious offences (and sometimes of course the first warning would be a written warning), while there could be more warnings before dismissal for less serious offenses, and "improvement programmes" are often used (I twice decided to use a three month training and monitoring period to see if improvement would happen when the issue was technical incompetence and stupidity rather than intentional criminal wrong-doing or deliberate (intentional) breach of regulations).

    In extreme cases ("gross misconduct" - generally defined as cases where the misconduct has or is liable to cause serious damage to the business, but the company would be expected to have its disciplinary procedure documented in writing and that should include a description of the kinds of offence that would be considered gross miscunduct) the first offence can result directly in dismissal instead of a warning.

    In addition to the warning process, the employer must provide a proper investigation process to investigate allegations of misconduct, including a formal process for informing the employee and allowing him to dispute any allegations, and should provide an appeals procedure (and ideally also a grievance procedure).

    The statutory code of practise for how all this should work in the UK is on the web at http://www.acas.org.uk/CHttpHandler.ashx?id=1041.

    Tom

Viewing 10 posts - 16 through 24 (of 24 total)

You must be logged in to reply to this topic. Login to reply