I’m unsure if I have posted this in the correct community, but the organisation I am currently working for uses an SQL ‘data warehouse’ which contains a bunch of tables from various sources, for various purposes. This data warehouse (as far as I can tell) has two or three environments: Dev, QA and Production.
I was recently granted access to the development data warehouse SQL server for a software development project I am working on and found a number of tables containing sensitive employee data from 2012-2013, in plain text (including National Insurance Numbers, next of kin details, qualification details, addresses, phone numbers, car registrations etc.).
This development server is accessed by a number of developers within my organisation (including myself) for various projects.
1) I don’t think this data should be stored on the development environment (I believe everything was copied back from Production server at some point).
2) I don’t think these details should be stored in plain text for anyone to see via a simple SQL query.
3) I don’t believe that myself and other developers within the organisation should have free access to these tables.
I’m fairly certain that my employer is not aware of this and is actually storing all of this information in plain text, in the production environment. I also think that this breaches some sort of privacy or GDPR law.
I’ve spoken to my manager about this but they seem to be glossing over it and ignoring the issue/not wanting to get involved.
How do I report this without getting into trouble myself, for viewing these tables?
EDIT: I had to request permission to gain access to this data warehouse server. I only have access to the development server and as I was browsing through the tables to find the one required for my project, I came across the ones which contain sensitive data. Being curious, I ran a simple ‘SELECT TOP 1000 ROWS’ query and it came back with the sensitive data.