>>Thanks...I will take a look. In this app, the only sensitive info is some limited bank account info - name and >>account number - so the client probably only needs two fields in one table encrypted. And even in that case, I am >>having a hard time convincing them that it is worth their while to do so - they don't have data on the road and they have a so-called "good" firewall (as good as it gets) but I still think they should encrypt this - just in case someone, >>somehow gets in (or an employee copies the file). And they have said "even if someone gets the file, what can they >>do with it - it is just a name and a bank account number - they still would need ID to do anything with that >>account). My thought is that it would still be a public relations nightmare even if it is not that useful.


If identity theft is an issue the standard best practise includes encrypting the data stored in the database. The quality of the firewall is irrelevant. Name and Bank account number are not enough to facilitate identity theft.