[cristobal03]

As attachment-heavy as the Business Applications forum has gotten in the past couple of years, I think TSG needs to create some rules regarding acceptable attachments in terms of content. The problem is, many people coming to us for help don't always think about the implications of posting a working file (this is especially true of databases) or a screenshot containing sensitive private data--or, in some cases, confidential or proprietary business data. We try our best to tell users they need to obfuscate such information, but that doesn't always address the entire issue (e.g., propriety, or sensitive information in the metadata/document properties). It's a growing problem in that Business Apps is becoming increasingly an attachment-oriented forum, which is in my opinion unfortunate, but that's another matter.

What I propose is either a set of rules or at minimum a sticky in Business Apps detailing the minimum acceptable standard of confidentiality to which all attachments must conform, and--this is the rough part--enforce a policy such that any attachments in violation and all subsequent attachments of the same file within the thread be removed. This is important because of the pace in Business Apps. When a file comes in, oftentimes there is a revised or corrected version posted within the hour. Obviously we are not obfuscating the contents of the file when we provide solutions or suggestions, so the sensitive data still remains in the subsequent attachment.

The problem is particularly evident in database threads. People post database files containing records of doctor/patient visits, social security numbers, private addresses, phone numbers, email addresses, and all sorts of things. Even when we ask them to "dummy" the data, they don't always do it. I think this is a huge liability for TSG because the site isn't indemnified against the random person who discovers his name and SSN have been posted on the Internet in a database file, for example. It's easy to say now, "What are the odds," but that argument won't hold up in court, so to speak.

Maybe I'm going overboard, but it's definitely becoming a problem. Like I said, at a bare minimum, I think there needs to be a sticky, and if attachments don't comply with the sticky, at least the original should be removed.

chris.

[cristobal03]

[bump]

Well, after looking around a bit, I see indemnity is granted by the third section of the legal page, but I still think it'd be appropriate to devote some space to suggest to new users best practice regarding sensitive working document attachments.

chris.

[Yankee Rose]

Hey cristobal03:

I think you are addressing a very important point. With privacy and security as big a concern as it is, TSG would be wise to have this reviewed and revamped.

Very worthwhile suggestion.

[iltos]

Quote:

Originally Posted by cristobal03

As attachment-heavy as the Business Applications forum has gotten in the past couple of years, I think TSG needs to create some rules regarding acceptable attachments in terms of content. The problem is, many people coming to us for help don't always think about the implications of posting a working file (this is especially true of databases) or a screenshot containing sensitive private data--or, in some cases, confidential or proprietary business data. We try our best to tell users they need to obfuscate such information, but that doesn't always address the entire issue (e.g., propriety, or sensitive information in the metadata/document properties). It's a growing problem in that Business Apps is becoming increasingly an attachment-oriented forum, which is in my opinion unfortunate, but that's another matter.

chris.

this is a valid concern, as some recent reports have shown
fwiw, however -the business apps forum has probably been the one tech forum that i have frequented most often, and always with a specific question about some task or arother that i've taken on and realized either a/doesn't do exactly what i need it to do, or b/ i've little idea what the possibilities are or how to make them work (perhaps a generally reason why there's been the increase in attachments there you mentioned)- i've found a lot of very knowledgable and helpful folks there who are very diligent in their warnings about emails and other sensitive data.

as with most difficulties at this site, then, the problem lies with the member asking for help rather than the helper.....

and stickies don't seem to be in most people's radar....especially ones that are cautionary and smack of some kine of "rule" (even if they are dead on)...i'm sure a stickie wouldn't hurt...i just don't see it doing much good, either.

most authorative help in that forum -like you, chris- may just be stuck with the adamacy of your warnings....and the report button....to keep this issue fresh in the rest of our minds.

[cristobal03]

Yeah, that's kind of the response I was expecting, and I think it's probably the most practicable one. Mainly the reason I brought it up was to suggest the policy of deleting all attachments of the same file within a thread if the file's obviously sensitive. I think it's pretty controversial because it means deleting solutions, which people provide voluntarily. But on the other hand, it's also the appropriate thing to do in order to protect hapless citizens from having their personal information exposed.

I mean, there's no way to unilaterally fix the problem unless TSG disallows attachments altogether, which is in itself a very bad idea. So, I don't know. Can we expect our veterans to maintain vigilance about it? Who knows? I hope so. If I had to ballpark it, though, I'd say of the requests (by veterans) for file uploads I've seen, maybe 1 in 3 includes an admonition against posting private data.

It isn't TSG's fault at all; that isn't what I'm getting at. Neither is it the poster's fault, nor (necessarily) the helpers' fault. The posters aren't always aware of what it means to post a working file, and the helpers don't necessarily know what's in the file.

I don't know. Just thought I'd raise the issue.

chris.

[TechGuy]

Cookiegal just contacted me about this one and suggested a Sticky that will be up in Business shortly.

[Cookiegal]

Yes, I felt this was a concern too. Mike and I collaborated on this to come up with the sticky that is up now.

[cristobal03]

Forgot to post my quick reply when I marked this "Solved." Thanks again guys, I really appreciate the attention and effort

chris.

[Cookiegal]

You're welcome and thanks for the suggestion.