No, this isn’t a touchy-feely inspirational post that talks you into taking leaps and bounds in your career. I write those every now and then, but that ain’t today.
Instead, today’s post is about a question: what’s stopping you from snooping in your company’s data?
You, as someone with a lot of database access, have more security permissions than just about anyone in the company. You probably have access to payroll records, financial data, company secrets, you name it. Sure, the company would like to think everything’s kept under lock and key, but developers and database administrators have the keys and they know how the locks work. Even in the most secure environments, I usually find that the staff could answer any question they feel like asking.
But we rarely do.
When I was a DBA, I felt a strange pride in knowing I could query any data whatsoever, yet I was beyond temptation. I didn’t want to know anybody else’s salaries because I believed it didn’t matter. If someone else was making more money than me, good for them and their negotiating skills. If nobody was making more than me, I shouldn’t be proud – I should be ashamed for taking more than I probably deserved. I didn’t want to see anybody else’s employee review, I didn’t want to know how much the company was making, and I didn’t want to see confidential data.
I’ll confess, though, since it’s just the two of us here – at a former company, when our sysadmins stumbled across a cache of videos on the file server, I stood around and watched with the rest of the IT team. We played an employee’s videos of their trip to Russia in search of a mail order bride, and my mind is permanently scarred by the memory of that employee sitting in a hot tub auditioning a prospective wife. It’d be one thing if these videos were in the employee’s private home directory, but these were shared with his entire department! We called HR, and oddly, the guy kept his job. He must have had more incriminating videos of other folks.
I’ll also confess that in the 2000s, while I lived in Houston, there were only two companies I ever aspired to work for: Arthur Anderson and Enron. Oh, how I longed to work in the beautiful architecture of the downtown Enron complex, but the Enron scandal brought both companies down in a flaming mess, almost before the buildings were ready. I counted my odd blessings that I hadn’t been admitted entry into those doomed businesses. However, what if I had? What if I’d gone to work for either company, and I suspected shady dealings? Would I have had the foresight, guts, and security permissions to make database queries to find out what was going on behind the scenes?
My guess is no – I’d never dream of writing a query to get data I’m not supposed to access in my daily job. Why is that, and what’s stopping you?
23 Comments. Leave new
A good post Brent. What’s stopping you from writing that query is a measure of professional ethics. Whether you’re a database administrator, priest, librarian, or bartender there’s a professional code of knowing something confidential and keeping it that way. On the flip side yes you can write the query, but the impetus is not in the context of a larger project. (In library terms it would be collection development.) The impetus is channeling one’s inner Gladys Kravitz. The American Library Association states it as well (see also #2: http://bit.ly/yodldy). In the end we need access to data that assists us to do our jobs. Not beyond that.
I work at a financial institution and have access to basically every customer’s bank account balances, in addition to all the standard employee payroll data you mentioned. Of course, the company has policies against snooping and it is grounds for termination should you be caught doing something untoward. But even if that policy wasn’t there, I wouldn’t snoop. I honestly have no interest in finding out the salaries or account balances of other people. To me, it’s all just numbers in a database. I don’t know if it was the way I was raised or what, but I’ve never even been tempted to look.
What’s stopping me? How about honesty and integrity?
There is a less noble and also less sinister reason to stay away from this data. If you know that information, then you are responsible for dealing with it.
Suddenly you are responsible for dealing with people when you know their salary, and you are responsible for dealing with people when you know their secrets.
Also, if you find the company is doing something illegal, you are liable to report it to the police. If you know the company is making big mistakes, you are liable to try to influence them to change, but you would have to do it while pretending not to know.
In other words, you don’t have the authority (or at least, most DBAs do not) to deal with that information, so having it would only be a liability. You would have to deal with knowing a whole lot of information you don’t want to know. Your job would suffer and your relationships with fellow employees would suffer.
From a very practical standpoint it is better for everyone for you to not know—unless you are in a position to do something about it—but then you could probably get the data through normal means anyway.
You reported the mail order bride guy to HR, yet you’re above looking at salary info? Great — you’re a hall monitor. Congrats.
Adam – heh, yep, we reported him because his videos were on a public share that anybody in the company could access. That’s not okay.
And to be even more specific, it’s *really* not okay that we had to back up his files and sync them to our DR site, and his files were the biggest things on our shared drives.
I worked at a fortune 100 company during the dot com years. When it came time for layoffs/promotions and so on (January typically), the exchange admins would be seen going out for lunch or drinks with several people. What they did, yes read emails they were not supposed to and mark them unread, and pass on information to people on what their fate was to be ahead of time. It was found out, the guys were fired and a super expensive exchange monitoring tool put in place. In another company with HIPAA protection a programmer ran a query to find out healthcare info. on Tom Cruise. The latter was not found out except us DBAs caught him doing it and warned him. Unwanted information is not fun, it is a burden and very foolish to get some short kicks or payoffs out of misusing it.
Honesty, ethics – definitely the first priority, but even then … I really don’t care to look. I have other things to occupy my time that are far more important than finding out what is in the database. We host a multi-tenant database and could look up all sorts of information about people and other things inside the database, but I’m more concerned that the data is accurate and accessible by the customers than what it actually contains. Even having designed the tables to store salary, reviews, and such I just don’t feel the desire to know those things and wouldn’t look at them unless someone said something was wrong.
Put simply, I don’t care. If I really had any inkling of shady dealings with a company, as I have in the past – I’d bolt. As I have in the past. Questionable ethics doesn’t hide in the data. It seeps through a company like an oily rag. 🙂
One word – Integrity!
It’s all about honesty. I don’t think you can truly be a professional without a sense of ethics.
I spent several years working for a mental health insurance company. So there was also a legal obligation as well (HIPPA). Violations would have seriously hindered our ability to be a resource to our members and change their lives. As a quick side note we didn’t make money by denying care to members. Our money was made by implementing new services.
Safeguarding and protecting those members was a privilege. And that also meant that I should respect their privacy. It was one of the most rewarding jobs I’ve had.
I only disagree with one point; I want to know how much money the company is making. If things are heading down hill, I want to know before it’s too late. Of course, I want to get the data through publicly available info, like corporate financials filed with the SEC (if working for a publicly traded company) and not by scouring the companies accounting databases.
I agree with professional ethics, honesty and ‘who cares’, but there’s one more reason I wouldn’t look at PII: once you know something, you can’t un-know it.
If I ever found out a co-worker used to be a Chippendales dancer, or his middle name is Rosebud, I’d have to keep it bottled up for the rest of my life, and it’s just not worth it.
I have no sympathy for the Russian Hot Tub guy, and while it may have been unprofessional to watch the videos, he lost any right to complain when he stored them in a publicly-accessible folder.
Regarding Enron, suspecting foul play wouldn’t give me the right to play detective, so I wouldn’t go digging for any skeletons.
Thanks for the thought-provoking post, Brent.
Hey Brent. I got similar story to share. My previous company kept their employee records an Access DB. They told everyone everything is secure, locked down and one of the developers who had access told me of some secure mechanism that was not possible to do on a SQL Server [I knew there and than that it would be lying somewhere in plain text].
And finally, one manager came in and wanted to change that – I had to set up servers, encryption etc and found out my SSN was right there!! No idea what happened to it because I came to grad school and left my job.
What freaked me out is that their AC DC was messed up and all the wrong people had the [right] permissions. Took me at least two months to straighten it out – trial to see nothing is broken!! Your post rang some bell!
Hey Brent. I got a similar story to share. My previous company kept their employee records in an Access DB. They told everyone everything is secure, locked down and one of the developers who had access told me of some secure mechanism that was not possible to do on a SQL Server [I knew there and than that it is somewhere in plain text].
And finally, one manager came in and wanted to change that – I had to set up servers, encryption etc and found out my SSN was right there!! No idea what happened to it because I came to grad school and left my job.
What freaked me out is that their AC DC was messed up and all the wrong people had the [right] permissions. Took me at least two months to straighten it out – hit/trial to see nothing is broken!! Your post rang some bell!
Moral Fiber. Nothing more and nothing less. I have it, and I’m proud of it. I’m a trusted and valued employee. If I wasn’t, that wouldn’t change my views on what I should or should not access, it would just change the refresh rate on my resume.
While I couldn’t agree more with folks saying that it’s a strong moral conviction that keeps them from snooping, DBAs should also be asking themselves this very question for another important reason (beyond self-examination).
“What’s stopping me from snooping?” OUGHT to be answered with “a system designed around letting people only access data that their job function requires them to access,” along with “a system that tracks, to a reasonable extent, who’s been accessing sensitive data.”
If you’re at a company that, for example, let’s the DBAs figure out how to decrypt credit card numbers stored in the DB, then the company probably doesn’t have their key management strategy in order. If random developer who’s not working on projects that involve sensitive data has a login that lets him see that data anyway, then you’ve given that person too much access.
Chris – you know, it’s funny, I was actually waiting to see how long it took someone to answer with that! I’m not surprised that it took so long, and I’m happy that all our readers have a strong moral character, but yep, we do need a robust system. And I bet most of us don’t! I know I often didn’t. I don’t want to bank my business’ data on hoping that everybody has a strong moral character.
The other funny part is that’s exactly what I’m banking on with my own coworkers here at Brent Ozar PLF! We’ve all got the same permissions in our accounting systems, and we rarely go back to double-check that we’re doing things right. Thank goodness for our accountants!
As far as I can recall all the stuff I “shouldn’t” have seen has been foolishly passed around in speadsheets rather than me snooping around in a database.
Trick question? What _should_ be stopping me is a database trigger that logs who, and when a select statement is performed on sensitive tables.
All it takes is one disgruntled sysadmin to be a major security risk to a company.
Trick answer? You only need to wait for ON SELECT to be implemented and then be a little bit nuts to consider using it.