I s it really true that we can't anonymize data? If that's true, then are we wasting time in looking at any type of obfuscation process or scripting for data that we restore to non-production environments? If that is true, then we then need secure development environments and treat them like production servers as far as security and access controls go.

It's somewhat amusing that the reason we can't likely anonymize data anymore is because we have too much of it. All the different data sets that can be cross referenced, suing public data, make the success rate of anonymizing techniques low. I don't know how practical it is for someone to actually combine data sets from public sources and using the information to determine the identities of people from other data sets. I do know, however, that there are lots of smart people out there with access to cheap computing resources and lots of spare time on their hands. This might be 21st century vandalism, and we, as data professionals, will be the people that have to deal with it.

Read the rest of "Protecting Data" at SQLServerCentral.