Power testing, data and privacy

During power testing a lot of data is generated, very persona data, the kind many people would want to keep secure.
And that has to resist attacks on an technological, magical and technomagical front. Of course there's frequent leaks, and people who should not have access to results getting results from it.
But that doesn't mean it's just stored without a care.

The question is, when done at Whateley, how is it stored, and kept accessible to the staff needing to analyze it. And also how much would a interested and worried student going through the testing be able to be told.

(Yes this is for my fic, I try to not ask too much but well this is something I don't feel pulling out of my backside and am not sure where to find stories covering it)

I can't point you to the precise story, but it has been touched on the past. The way the school manages the issue is that they tolerate AND MANAGE the data leaks... in essence, they let outsiders get some info, but not the sort of info that could endanger students. So their security people earn extra money from bribes, the outside agencies and criminal organizations don't get too paranoid, but the real important stuff they keep very well protected.

For the purely tech side, Whateley likely has a lava lamp security system like Cloudflare, but with even more improvements making it virtually impossible to hack.
www.cloudflare.com/en-ca/learning/ssl/lava-lamp-encryption/

Add in devised computer codes, security systems, magical runes, and other things, and you can play around quite a lot with what they have.
Of course there would be a 'public' section, that most legitimate people and hackers accessing the server can see. And a secondary area with a tiny bit more info that isn't too sensitive, and also has several red herrings, where the good hackers end up after pretty intense work.
Only the best hackers or biggest moles would get into the locked down stuff, without permission from the few individuals who control access to it.

Remember that although the medically-sensitive data collected by the powers testers is tied to the code name, and even that through unique system ID numbers, so don't expect that link to the student's identity to remain past graduation. For research purposes, the data collector's identity only matters during QA/QC checks, and may well be delinked from the metadata associated with the dataset.

All of the data collected goes through interfaces designed and tested by a separate IT group to ensure that everything gets to where it belongs. Those aren't check-once-and-forget integrity checks, BTW. The underlying compiled queries have their own sets of permissions, separate from the interfaces. The database's underlying system database containing all the records defining its structure might not even be stored within itself. Those tables have their own permissions and NULL won't have the same meaning that you're thinking of. (You'd be surprised how many "IT Professionals" are worthless at designing and maintaining even a 1st or 2nd order relational database for scientific data.)

What? Did you expect data collection and maintenance standards to stay stuck in the 1990s?

null0trooper wrote:

(You'd be surprised how many "IT Professionals" are worthless at designing and maintaining even a 1st or 2nd order relational database for scientific data.)

I'm in this post and I don't like it

thanks for all the material everyone. It will definitely help me improve this section