> an ongoing investigation has so far found no indication that employees have abused access to this data
what sort of indication would they be looking for? presumably it wouldn't be hard for an employee to have made a copy for themselves without leaving a trace of evidence.
I wonder this every time I see it in a report. It’s not like every file access is recorded for 10 years. Or at all. If you’re lucky you know who accessed a machine since the last time you rotated logs. But let’s say the data was mounted and accessible to all internal machines; literally anyone could have looked at it and done whatever they wanted without anyone knowing.
what sort of indication would they be looking for? presumably it wouldn't be hard for an employee to have made a copy for themselves without leaving a trace of evidence.