When it comes to something like this, the best approach is to just go along with it. It really isn't much trouble to separate out the personal information. Then, if there is ever any problem - you can say you took precautions.
I do something similar and always have the personal info in a different s. When it is time to analyze the data, you can give the statisticians a backup of the entire database and not worry that there is any personal information in it. At 09:41 AM 4/17/2009, you wrote: >hi > >our clients run tests on patients for research purposes. > >As part of their data protection they are 'told' >to not keep personal identifiers (patient first >name, last name, dob etc...) in the same database as their test data. > >we have created a cf application that uses all >cf security we know about, the database is >stored on a seperate mysql vps, it can only be >accessed via the cf app, and the the cf app >controls individual access to the personal data >(if someone does not have rights then they >cannot read or write to the personal data) > >however we are getting pressure from places to >split the data into 2 database as it doesnt fit in with the 'terminology' > >personally i am struggling with the need to split it into 2 databases. > >i would appreciate your opinions on this as my opinion is: > >- our cf application handles all of this and i >don't see that placing them in seperate databases will make it more secure > >- even if they are in separate databases... if >they are stored on the same MySQL VPS then >someone will be able to piece them together if they get into the backend anyway > >- if the 2 databases are stored on separate >MySQL VPS's would this not open a security >issue. and if someone gets into our cf app code >then they will see the details of both the >databases anyway and again can piece it together > >- we also discussed encrypting the data in the >personal identifier columns in another thread >(http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:59153) >where the outcome was that encryption would not >provide any real benefit, and was therefore not necessary. > >thanks for your opinions > >richard > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321762 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
