The request really should just make sense for your company. Is this information something the person needs to complete their job duties? Where will this information be stored? Who will receive this information? If the data needs to follow strict disclosure/confidentiality rules, you may want to consider having all requestees sign a document saying they know and understand these rules. Anyone found not following these rules could be subject to immediate job termination.
For more information on this topic, visit these other SearchSecurity resources:
Ask the Expert: Security content on SearchDatabase
Best Web Links: Database security
Best Web Links: Security policy and infrastructure
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.