Accessing Sensitive Information 3

[ecobb]

Our HR department wants me to build an application for submitting salary change requests and various other HR functions. They want it to be able to interface with their existing program's database. BUT, they refuse to allow me access to their existing database because they're afraid I'll look at salaries. I suggested that they let me build a new database to hold the information for whatever application they want me to write...NOPE...people will be putting salary info into it and I would be able to see it.

(Please wait while I bang my head against the wall)

Ok, does anyone know of any articles on the web that I can show them to point out how absurd this request is? As obvious as this is to you and I, I need to provide them some type of professional writing stating that the DBA (or application programmer) needs access to the DB in order to use it. Something like this:

http://www.sqlmag.com/Forums/messageview.cfm?catid=22&threadid=97

Only I need an article, not a forum. Or at least something that shows them I have to have database access to write this application.

Any help is GREATLY appreciate!

Thanks!!

 

[MDXer]

I don't know of any articles off hand but I'll certainly look around for some to help you.

While I can understand their reasoning their attitude seems dangerous.

Who maintainst the Database?
Who sets permissions on the database.
Who does the maintance on the database?

It never ceases to amaze me the attitudes of people who don't understand IT and their failure to understand the most basic needs.

Do you have a formal project plan with specifications and project scope? If not that may be one way to force issues like this.


"Shoot Me! Shoot Me NOW!!!"
- Daffy Duck

 

[lespaul]

At the least, you should be able to get a copy of the database with the salary information changed (maybe set all the records to a salary of $1000) so that you can write your app, know that it will work and then modify the database it accesses to the 'real' one.

 

[carp]

Concur with lespaul; that's how we work at my shop. We have a clone of the database with dummied up data in it. Our code is parameterized so that when it's time to move from development to production, all we have to do is change a couple of variables at the top of the code (URLs, database names, etc) and load it into production.

 

[CajunCenturion]

I wouldn't recommend banging your help up against the wall, but the requirement is not absurd and in fact is quite reasonable, and depending on your location, may be required by law. The company has an obligation to protect personal information, including salaries, and the HR department is doing their best to honor those privacy obligations and committments in order to comply with privacy constraints.

They are not tying your hands, it's their hands that are already tied, and they can't untie them for you.

Rather than fight the request, sit down with them, show them that you understand why their hands are tied, and in turn, how that ties your hands, and work with them to develop a scenario where everyone can successfully do their jobs. lespaul and carp have provided good suggestions, and depending on your environment, they may work directly, or perhaps you'll need to come up with other alternatives.

Things usually go much smoother when you respect the position of your customer and cooperate, rather than try to dictate the terms of the relationship.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

 

[ecobb]

I agree as well, except there's no one to give me a backup or a database schema. MDXer actually hinted at our situation....I AM the DBA. When this company got their new software (various programs for various departments), the software vendors built and configured the database servers (SQL Server and Oracle, depending on the program). Since everything was working, they never hired a DBA. No one has touched the databases since the day they were installed.

Now, over a year later, the company has doubled in size and they've hired me to be the DBA, but they only want me to work on the NEW stuff they want to do, since everything is working with the old stuff they won't allow anyone to touch it. We are talking about some EXTREMELY computer illiterate people. You would have thought I had just created fire for a caveman when I introduced them to the concept of an Intranet.

It's not a matter of trust or faith in ability, it's more of a matter of not understanding the concept of why I need access to the database that holds the "secret" information.

I know this situation sounds insane, but technology is something they've been resisting until recently. And it's hard to explain the concept of remote backups or transactional replication to someone who has problems using email...

Thanks!

 

[SQLSister]

AS I see it your alternatives are thus:

Suggest they have the vendor do the work if they do not want you to have access

Suggest they have the vendor set up a development environment for you with fake data

Try to log into the data base with sa and no password (if they are that ignorant, perhaps they have not set the sa password.)(Just kidding, this one could get you fired!)

Take a sample database you do have access to and walk them through what you would have to see in order to develop a sample stored procedure against it to show them why it is necessary for you to get access to the database. When you suggest this, also suggest they have you sign a non-disclosure agreement stating you will not release any personal data to anyone other than what is needed to perform your job. Point out that thee types of agreements are common in the IT world as it is part of the IT profession to have access to private data.

Point out to them that without the SA rights, you could not restore their business critical data if the hard drive of the server it is on ever crashed. And by the way, how can you even know if it is properly being backed up if you do not have the rights. It's too late to find this out after you have lost your accounting system or HR system! ASk them to imagine how much it would cost to recreate this data from paper records.

You could of course point out to them that a correctly designed system storing this type of data would encrypt it on insert or update and decrpyt it on select so that admin people who must have access cannot actually read it.

I suppose you could look for typical job descriptions of DBa to show them that they muct have database access.

If they won't give you access have them sign a paper stating that you do not have access and thus cannot be held responsible in the event of a problem with the database or hardware and that they are aware of the risks associated with out having a dba with system admin rights. Make the risks sound as scarey as you possibly can when drafting this document. Being forced to accept that they have responsibility for the data and not you may open their eyes to the dangers of not having an IT person with admin rights. Make sure you put in every contingency you can think of from hard drive failure to flood or fire. Don't forget to add that if the company they bought the software from went out of business they would have NO ONE who could fix their system WHEN it breaks.

Good Luck.

 

[ecobb]

Thanks to everyone! As always, you offered some excellent points that I had not considered. I especially like SQLSister's idea of pointing out what will happen when everything breaks (and covering my you know what), as I'm sure this is something they're not aware of. Hopefully I will be able to make everyone listen to reason!

Thanks again!

 

[CajunCenturion]

Best of luck to you, and I hope that everything works out.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

 

[lionelhill]

I like SQLsister's suggestions!
Another thought, probably wouldn't work with office politics, but if your HR department is having problems because they aren't allowed to let non-HR staff have access to the database, can't you be signed-on as an HR-department member of staff, and sign the same confidentiality stuff as would a temping secretary working in HR?

 

[Stevehewitt]

I don't know what the laws are in the US, but in the UK under the data protection act then what they are doing are correct - unless you become registered - which costs hardly nothing and isn't difficult.

Personally, I would tell them that either they purchase a system, or shove it. I would love to know how passwords would be reset and general database maintance is done without the admin having permissions.
Get registered with the data protection act (if in UK), type out a draft confidentiatly agreement and present these documents with a copy of this TT forum to the HR or your manager. If they still say no then say that its fine, you'll have to purchase one. You may also want to hint that you have a smashing tool for password cracking anyway if you wanted to get in!!! (Wouldn't recommend that last one unless you get really mad!)

Steve.

 

[jrbarnett]

Further to Stevehewitt's posting, the website of the data protection commissioner (as the post is now called) is:

http://www.dataprotection.gov.uk/

John

 

[Onyxpurr]

I'm in the US and had the same problem. Only the database forms and reports I had to create included the salary and other sensitive information.

I sat down with HR and explained that as an IT programmer it is part of my job responsibility to handle sensitive information. It's part of what comes with the job. If it isn't a company rule in your office, I might suggest having a talk with HR and let them know that.