Today, a large business (X) accidentally emailed me all their clients' data inside a spreadsheet. This is not the first time this has happened in New Zealand. Recently EQC, a government department, emailed a spreadsheet containing thousands of clients' claim records to one client.
Apparently, X routinely sends spreadsheets to its staff for further manipulation. Why?
For X, I believe, it's because they've purchased a number of other smaller businesses recently and the small business units' systems are not integrated with X's centralised accounting system. The small business units aggregate their monthly figures into a spreadsheet which they then email to X's receivables department.
The problem X has is that its small business units are aggregating their data too early in the process. As soon as data is aggregated, it is at risk of being divulged. I contend that the solution is to delay the aggregation until just before the data is posted to the centralised accounting system. In fact, I suspect there is no value in aggregating it at all. Most accounting systems require data to be keyed into them manually, and I imagine X's accounting system is no different.
What X really needs is for its small business units to post their individual transactions, as they are created, onto a searchable queue that can be purged automatically once the data is committed inside the accounting system.
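A minimal sketch of such a queue, added here as an illustration and not taken from X's systems or from any product named in this post. It assumes an SQLite table as the queue and a plain list standing in for the accounting system; all function names and the sample data are hypothetical.

```python
import sqlite3

# Constructed sample transactions; units, clients and amounts are made up.
SAMPLE = [
    ("unit-a", "Client 1", 120.00),
    ("unit-a", "Client 2", 75.50),
    ("unit-b", "Client 3", 310.25),
]

def open_queue(path=":memory:"):
    """Create the queue: one row per transaction, never a monthly bundle."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS queue (
        id INTEGER PRIMARY KEY, unit TEXT NOT NULL,
        client TEXT NOT NULL, amount_cents INTEGER NOT NULL)""")
    return db

def post(db, unit, client, amount):
    """A business unit posts a single transaction as soon as it is created."""
    cur = db.execute(
        "INSERT INTO queue (unit, client, amount_cents) VALUES (?, ?, ?)",
        (unit, client, round(amount * 100)))
    db.commit()
    return cur.lastrowid

def search(db, client):
    """Receivables staff look up the pending items for one client only."""
    return db.execute(
        "SELECT id, unit, client, amount_cents FROM queue WHERE client = ?",
        (client,)).fetchall()

def commit_to_ledger(db, txn_id, ledger):
    """Copy one item into the accounting system, then purge it from the queue."""
    row = db.execute(
        "SELECT unit, client, amount_cents FROM queue WHERE id = ?",
        (txn_id,)).fetchone()
    if row is None:
        raise KeyError(f"transaction {txn_id} is not pending")
    ledger.append(row)  # assumption: stand-in for keying into the ledger
    db.execute("DELETE FROM queue WHERE id = ?", (txn_id,))
    db.commit()
    return row

def pending_count(db):
    return db.execute("SELECT COUNT(*) FROM queue").fetchone()[0]

def demo():
    db, ledger = open_queue(), []
    ids = [post(db, *txn) for txn in SAMPLE]
    exposed = search(db, "Client 2")  # all that one misdirected item reveals
    for txn_id in ids:
        commit_to_ledger(db, txn_id, ledger)
    return exposed, ledger, pending_count(db)
```

Because nothing is bundled, a misdirected item exposes one client's record, and once every item is committed the queue holds nothing left to leak.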
X is partway there already, since its email system is already a queue. The problem is that the queue isn't secure and isn't visible to all its relevant staff. What they need is a single email address that multiple internal users can subscribe to: not a message list, but an issue list. There are plenty of these about; we usually call them bug tracking software. The one that I'm most familiar with is Roundup Issue Tracker. There are many others.
And what content gets posted to Roundup? The spreadsheet sent to me would be fine as long as it contained just one client's details, but I still don't like spreadsheets much, because they bundle data, business rules and presentation together in a single file. I would prefer instead to use a static Web browser application for the reasons outlined in my post called Real world Web browser development.