You can argue for fines and prison sentences but on HN that won't accomplish anything. Here the only workable solution is a technical one, plenty of expertise available and people able to implement stuff.
I do security by not having things I don't need, printing documents and deleting the data. It's not perfect by itself but it is something we could model in hardware quite well.
One-way tubes seem pretty easy.
For access one could give each employee a query quota and if they exceed it have someone else increase it temporarily or permanently.
One could also make a dumb console that displays data on a screen, db tables, pdf files, images.
Could build some business logic in hardware. More often than not the need for access is triggered by something. If the customer calls you, some of their information can be displayed. Accessing it in the days after that isn't dubious.
It takes a lot and makes things more complicated but in the end you do get nice small data sets to work with.
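A software sketch of the two access rules described in the comment above (a per-employee query quota that only someone else can raise, and access that is opened by a customer contact and stays open for the following days). This is an added example, not code from the commenter; the class and method names, the 3-day window and the default quota of 2 are assumptions, and the sample scenario is constructed.

```python
from dataclasses import dataclass, field

WINDOW_SECONDS = 3 * 24 * 3600  # assumed: "the days after" a contact = 3 days

@dataclass
class AccessGate:
    default_quota: int = 2                            # assumed per-employee limit
    quota: dict = field(default_factory=dict)         # employee -> allowed queries
    used: dict = field(default_factory=dict)          # employee -> queries spent
    last_contact: dict = field(default_factory=dict)  # customer -> timestamp
    audit: list = field(default_factory=list)         # every decision is recorded

    def record_contact(self, customer, ts):
        self.last_contact[customer] = ts  # a customer call opens the window

    def raise_quota(self, employee, approver, extra):
        """Quota increases must come from someone other than the requester."""
        if approver == employee or extra <= 0:
            return False
        self.quota[employee] = self.quota.get(employee, self.default_quota) + extra
        self.audit.append(("quota_raised", employee, approver, extra))
        return True

    def query(self, employee, customer, now):
        """Return (allowed, reason); denied queries do not consume quota."""
        contact = self.last_contact.get(customer)
        if contact is None or not (0 <= now - contact <= WINDOW_SECONDS):
            decision = (False, "no_recent_trigger")
        elif self.used.get(employee, 0) >= self.quota.get(employee, self.default_quota):
            decision = (False, "quota_exceeded")
        else:
            self.used[employee] = self.used.get(employee, 0) + 1
            decision = (True, "ok")
        self.audit.append(("query", employee, customer, now) + decision)
        return decision

def demo():
    """Constructed scenario: one call from customer c1 at t=0."""
    gate = AccessGate()
    gate.record_contact("c1", 0)
    results = [gate.query("alice", "c1", 60),    # inside the window
               gate.query("alice", "c2", 60),    # c2 never called
               gate.query("alice", "c1", 3600),
               gate.query("alice", "c1", 7200)]  # third lookup: over quota
    self_ok = gate.raise_quota("alice", "alice", 5)  # self-approval refused
    peer_ok = gate.raise_quota("alice", "bob", 1)
    results.append(gate.query("alice", "c1", 7300))
    results.append(gate.query("alice", "c1", WINDOW_SECONDS + 1))  # window closed
    return results, self_ok, peer_ok
```

The audit list is what makes the quota useful for detection: denied lookups and every quota increase, with its approver, are recorded alongside the allowed queries.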