Employees of an enterprise fetch data from production databases (or database) for various purposes such as to resolve customer complaints, fix bugs in an application, etc. The fetched data may contain the sensitive data such as Account Number, SSN, Date of birth, etc. along with non-sensitive data. Data fetched from the enterprise database should not be exposed to anyone without asking consent or notifying concerned persons.
The result of query may not explicitly fetch the data subjects in the result as it's up to the employee to write query according to his requirement. In the absence of information about data subject identifiers, it is not possible to notify them about their sensitive data exposure to enterprise employees. Moreover, data subjects need to be notified only if a query fetches the data being deemed sensitive by regulations or policies (by enterprise or data subjects).
Enterprise employees fire queries against database to fetch data for resolving tickets. Sometimes employees fetch sensitive data along with non-sensitive data. Without data subject approval, sensitive data should not be exposed to employees. With SQL query formation flexibility, employee can write a query in any form. The result of that query may not contain data subject identifiers. In the absence of data subject identifier, it is impossible to notify them when their data has been fetched.
Therefore, the objective is to fetch data subject identifier by re-writing a query with minimum cost.