BC remote Oracle DBA - Call (800) 766-1884  
Oracle Consulting Oracle Training Development

Remote DBA

Remote DBA Plans  

Remote DBA Service

Remote DBA RAC

   
Remote DBA Oracle Home
Remote DBA Oracle Training
Remote DBA SQL Tuning Consulting
Remote DBA Oracle Tuning Consulting
Remote DBA Data Warehouse Consulting
Remote DBA Oracle Project Management
Remote DBA Oracle Security Assessment
Remote DBA Unix Consulting
Burleson Books
Burleson Articles
Burleson Web Courses
Burleson Qualifications
Oracle Links
Remote DBA Oracle Monitoring
Remote DBA Support Benefits
Remote DBA Plans & Prices
Our Automation Strategy
What We Monitor
Oracle Apps Support
Print Our Brochure
Contact Us (e-mail)
Oracle Job Opportunities
Oracle Consulting Prices





   

 

 

 

Remote DBA services

Remote DBA Support

Remote DBA RAC

Remote DBA Reasons

Remote Oracle Tuning

Remote DBA Links

Oracle DBA Support

Oracle DBA Forum

Oracle Disaster

Oracle Training

Oracle Tuning

Oracle Training

 Remote DBA SQL Server

Remote MSSQL Consulting

Oracle DBA Hosting

Oracle License Negotiation

 

 


 

 

 

 

 

 
 

Removing sensitive Oracle data

Oracle Tips by Burleson Consulting
January 8, 2008

Trashing your data:  An important Oracle Remote DBA job

As CEO of a database software company, Larry Ellison knew the value of archiving his corporate data. When a disgruntled ex-Oracle employee (Adelyn Lee) concocted a false claim against Larry, Ellison used data archives to prove that she had forged her evidence.  The charges were dropped and Lee was found guilty of perjury and sentenced to a year in jail and a $100,000 fine.  For the entertaining details, see Lee v. Oracle Corporation, (1999 WL 595455 (Cal App 1999)).

While this saved Ellison from unfounded charges, we must ask if it is always a good idea to archive every detail of your operational business processes.  Today, many large companies are requiring complete purges of sensitive data that might be misunderstood, and they are going to great pains to have their Oracle DAB remove all traces of this information.

As disk prices fall to record lows, many corporations are deciding to retain all of their corporate data, including all corporate correspondence, everything from e-mails to customer queries.  But is this a prudent decision?   Some experts are suggesting that it’s a big mistake to archive all of your data, especially if it has not been carefully reviewed for content.

During my work in Oracle forensics, I’ve helped many litigants resurrect evidence that has helped to punish some bad guys and vanquish people who have been treated unfairly.  During these forensic investigations, unscrupulous shops are shocked to discover that “smoking guns” can be uncovered years after the data has been deleted from Oracle.

But it’s not just the bad guys who must trash their Oracle data. In case after case, archived Oracle data is being abused by greedy plaintiffs, and the Oracle community is starting to realize that a prudent data retention policy must also include specific directions for trashing some Oracle data.

In today’s litigious world, the conventional wisdom that saving all corporate data can save the day is now being challenged.  While data is a valuable resource, blindly archiving data can have serious financial consequences.  Consider these examples:

  • ABC Corporation had a big problem.  A disgruntled ex-employee was suing for sexual harassment.  Even though the charges were groundless, their own historical data was being used to hurt them.  During discovery, opposing counsel subpoenaed all corporate e-mails for the past three years, over 20 million messages, finding hundreds of examples of messages that could be construed as demeaning to women.  Because ABC archived all of their e-mails in their Oracle database, this data was used against them to horrific effect, costing them over a million dollars in damages.
     
  • ZZZ Car Corporation was accused of cutting-corners on their vehicle production costs, precipitating the deaths of over a dozen motorists in the past decade.  Using Oracle archived redo logs, the Plaintiffs found evidence that ZZZ engineers could have made their car safer, yet they chose not to do so because the extra costs would make their cars non-competitive. 
     
  • YYY Corporation was found guilty of libel after it was discovered that an ex-employee had published defamatory information on the web using the company’s computers.  The incident occurred four years ago and even though management had no knowledge of the incident, but the Oracle log files revealed the exact details, opening-up YYY for millions of dollars in damages.
     
  • During a lawsuit for age discrimination, XYZ Corporation was ordered to produce confidential documents from their Oracle HR module.  Even though the data was deleted from the database, the archived redo logs were used to reveal a pattern of age-related discrimination, costing them over ten million dollars in damages.

What do these cases have in common?  They were all Oracle shops that made fatal errors in their data retention policy.  They were all drawn-in to a common misconception that because disk is cheap and Oracle can easily manages all forms corporate data, that their data should be stored forever. 

 

The Oracle Remote DBA as data custodian

While the intentional destruction of evidence (“spoliation”) is highly illegal, it is prudent and responsible to purge data that no longer has any value to the company, especially data that might be misconstrued or used in a lawsuit.

In today’s litigious society, employers are held responsible for the acts of their employees, and management must decide between two unsavory options:

  • Monitor and archive all employee correspondence (web usage, telephone calls, e-mail).
     
  • Deliberately throw-away all correspondence after 60 days.

The Orwellian tactic of monitoring employees is falling from favor, and many large corporations now require that all corporate correspondence be completely and totally destroyed after a reasonable period of time.

So how does the savvy Oracle Remote DBA mange data retention policies?

As more and more information systems are consolidating all of their operational information into Oracle databases, the Oracle Remote DBA becomes the custodian of a wealth of varied data, everything from confidential e-mails to secret marketing plans.  As many vendor products (e.g. Oracle Collaboration Suite) now incorporate non-traditional data like spreadsheets and correspondence into Oracle, the Remote DBA must clearly understand what data is to be preserved and what data must be expunged from the archives.

Let’s start by looking at the legal requirements for data archiving and understand how to comply with Federal laws while eradicating unwanted information.

 

Legal requirements for data archiving

The Oracle Remote DBA presides over a vast amount of corporate data and the Remote DBA must often work with corporate attorneys to ensure that their data retention policies comply with a host of Federal data requirements (see Appendix A for a partial list).

These data archiving laws impose huge burdens on Oracle shops, especially laws like HIPAA which mandate the auditing of anyone who views confidential patient data.  These audits can exceed the size of the database every day, and the Remote DBA is further challenged by law requiring reporting.  For example, a Oracle Remote DBA in a hospital only has a few hours to spin-through terabytes of HIPAA data to show everyone who has viewed a particular patient’s records. 

This article titled Documentation and recordkeeping describes the wide variety of Oracle data that must be retained and archived:

 

Data

Law Requiring Retention

Basic data (name, address, birth date)

FLSA

Job advertisements

ADEA, FLSA and ADA

Employment applications

ADA/Title VII ADEA, and OFCCP

Offers and hiring records

ADA, Title VII, Vet’s Act

Promotions, demotions, and transfers

ADA, ADEA, and Title VII

 

Many of these laws impose criminal sanctions against any Remote DBA who fails to comply, and some Remote DBA’s will simply retain everything in order to ensure compliance. 

However, that’s often a huge mistake.  For example, a well-intentioned e-mail that states “Joe is in the hospital for VD treatment, in case anyone wants to send flowers” could be used as evidence for a HIPAA lawsuit for disclosing confidential medical information.

 

Removing stale Oracledata

All Oracle Remote DBA’s must be vigilant to ensure database recoverability while ensuring that sensitive or confidential data is completely obliterated.  Most Oracle Remote DBA’s develop a sophisticated data retention policy that ensures recoverability, but they fail to develop policies for completely removing “stale” data.

In the article What you must have, should have, and never want to see in your company’s records), we see that that all Oracle database information should be cleansed before archiving, removing all traces (including the redo logs) for any “smoking gun” data.  This information could be buried deep inside Oracle Applications or Oracle Collaboration Suite:

  • References to personal status - Any Oracle data referencing pre-employment background checks, deviant sexual orientation, disabilities, politics and criminal history should be routinely purged.
     
  • Statements admitting wrongdoing by the company. Even simple notations within Oracle Applications comment fields must be carefully examined.  For example, a comment within Oracle AP stating “We are postponing payment as long as possible”, could be used in a lawsuit.
     
  • Subjective remarks - Some employees tend to include subjective comments in Oracle Apps, statements that can prove dangerous in litigation.
     
  • Inaccurate information - . The publication of false and defamatory information could result in a claim for libel or slander.

So, how does the Remote DBA manage these conflicting requirements?  In order to be effective, the end-user community must be intimately involved in the purging of stale data from the Oracle tables, but it is up to the Remote DBA to ensure that none of this stale data is retained inside export files, audit trails or archived redo log files. 

A sample retention policy should also spell-out the specific acts to ensure the through destruction of the data.  Remember, audit trails almost always contain confidential data, and the audit trail tapes should be thoroughly incinerated. 

In some shops with threats of 3rd party litigation, the corporate attorneys have developed through procedures for destroying Oracle data, even going as far as cremating the archived backup tapes.   They notes that un-cataloging the archived redo log tapes is not sufficient because they could be reconstructed by an Oracle forensics expert, and archived redo that is sent to a “safe site” must also be completely destroyed.

Archives kept on disk also require special treatment.  The disk files should be physically erased, and it’s not enough to just remove the files.  Here are some high-level best practices for Oracle data destruction:

  • Destroy stale data – Many Oracle Apps shops require their end-users to purge sensitive data periodically, and some shops run keyword searches against all comment columns, seeking inadvertent failures.
     
  • Destroy archived redo logs – Archived redo logs can contain unwanted data (especially for Oracle Collaboration Suite and Oracle eBusiness Suite) and all redo logs must be completely destroyed as soon as they are no longer needed for database recovery. 
     
  • Destroy audit trails – Many shops use a job scheduler to mark audit trails for destruction as soon as the legal requirements are met. 

In sum, the Oracle Remote DBA has become the important custodian of critical corporate data, a job that requires attention to retention as well as destruction. 

 

Appendix A

U.S. Statures mandating Oracle data archiving include:

  • The Health Insurance Portability & Accountability Act (HIPAA)
  • The Sarbanes Oxley Act (SOX)
  • The Graham/Leach/Bliley Act (GLB)
  • The Federal Insurance Contribution Act (FICA)
  • The Federal Unemployment Tax (FUTA), Americans with Disabilities Act (ADA)
  • The Age Discrimination in Employment Act (ADEA)
  • The Equal Pay Act
  • The Family and Medical Leave Act (FMLA)
  • The Fair Labor Standards Act (FLSA)
  • Title VII of the Civil Rights Act of 1964 (Title VII)
  • The Immigration Reform and Control Act (IRCA)
  • The Occupational Safety and Health Act (OSHA)
  • The Employee Retirement Income Security Act (ERISA)

 

References:

 
If you like Oracle tuning, see the book "Oracle Tuning: The Definitive Reference", with 950 pages of tuning tips and scripts. 

You can buy it direct from the publisher for 30%-off and get instant access to the code depot of Oracle tuning scripts.


Expert Remote DBA

BC is America's oldest and largest Remote DBA Oracle support provider.  Get real Remote DBA experts, call
BC Remote DBA today.

 

 

Remote DBA Service
 

Oracle Tuning Book

 

Advance SQL Tuning Book 

BC Oracle support

Oracle books by Rampant

Oracle monitoring software

 

 

 

 

 

 

BC Remote Oracle Support

Remote DBA

Remote DBA Services

Copyright © 1996 -  2013 by Burleson. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.



Hit Counter