sliqua-jcooter wrote:
When I want something secure, I pull the network connection.
If you can't tell me specifically how something is more secure, then it probably isn't.
I used to work with confidential patient data and had exactly the same solution. Lots of people wanted the data on the intranet, but none provided a good reason. It made the discussions about securing the data against intrusion really, really short.
On the other hand, in another place, I was once handed a disk of patient records by a medical student that contained the name, address, phone number and all blood test results of patients attending a particular hospital. Apparently the student simply asked for it for a project, and was handed a copy of the raw data.