Martin McKeay

Security Matters

Why store sensitive information locally at all?

On Friday John Monaghan asked the question, "Why do we still store very sensitive data on laptops?"  He had several good points, even if some of the conclusions he drew from them were a little overboard.   I mean, the idea of making a poor auditor responsible for the data on his laptop is a little harsh.  On the other hand, if we make his CEO personally responsible for the data and the costs, there might be a little better response from the company as a whole.  Making it painful for the frontline guy isn't going to make a change at the company as a whole.  Making it painful for the big boss is.

But one point John made really resonates with me: in this day of high-speed, nearly universal access, why are we allowing sensitive data to be downloaded to a local system at all? Sensitive should mean exactly that; the data should be treated with respect by the company and everyone involved with it, not just slung around as if it were any other piece of data. Employees and management both need to be aware that the data they're handling could potentially ruin someone's life if it gets into the wrong hands, and that it should be treated appropriately.

There are very few cases where this data needs to be downloaded to a local system. Desktop systems are only slightly less prone to theft, as Trans Union found out last year. So why store the information locally at all? Leave it on the server in the database, where it can be protected both physically and virtually in an appropriate manner. Businesses know how important their servers are to their continued existence, and take adequate steps to protect those systems. Now it's a matter of making them aware of the value of the sensitive data in the databases.

Businesses need to treat our sensitive data appropriately. If it's important for their auditors to access that data when they're in the field, then the appropriate access policies and technologies need to be created and put in place. Downloading the database to the local hard drive is not appropriate; connecting to the central database over a secure channel is.

We have high-speed access from most locales today. If you need to access my sensitive data, do it over your company's VPN, connected to the server. Don't download a copy to take home with you. If your business doesn't have a VPN, then obviously it's not important for you to have access to that data when you're not physically at the company. Treat the data in a manner appropriate to its sensitivity. Your convenience isn't important to me; the sanctity of my digital identity is.