Every piece of data that is important enough for an organization to collect and maintain is important enough to be secured and protected properly. This means that only those people within the organization who have a business requirement to access the data should be permitted to access it. All other access should be denied using the security mechanisms of the DBMS and/or add-on security software. Failure to adequately protect data is why we see so many stories about data breaches (over 150 in the past 18 months).
This was first published in June 2006