For PII, we capture mostly emails, mobile and name of users who signup on our website. Along with this purchases made by users are also a sensitive data. Protecting this data for users privacy is as important as not letting any disgruntled employee from selling this data to our competitors.
This data is stored in MySQL database, and some of employees in Tech department need Read Only access to this production database. Some of the reasons why they need it are:
- Debugging a issue that is happening with a specific user and non reproducible in local environment
- Creating one time reports by writing complex MySQL queries
- Dumping email address or mobile for uploading in a third party communication platform like Twilio for sending a broadcast Email or SMS to users
- Dumping users data for cleaning and analytics purpose in excel sheets
- For debugging some high priority issue happening in production environment
While doing these activities, it's likely that some dump of data may reside in the local computer system, emails etc. And it can be leaked accidentally or deliberately by an employee. We can't encrypt this data, because various departments in organization need access to it for completing their job effectively.
What are the ways by which we can ensure data safety by taking any technical measures (NDA and legal agreements with employee are already in place)
