As employees of an organization, we generally assume that the data we are working with is being appropriately handled within the IT and security groups and is as secure or non-secure as it actually should be. I can say that during my application developer and tech lead days I didn’t worry much about the data. Well, I did to some degree, mostly because I was working on a government contract with sensitive student financial aid information, but I already had top level government security clearance and I’d already been cleared by the FBI who had contacted just about everyone I knew right up to my grandma. So, naturally, I figured I had done what I needed to do. We have that secure feeling of “I’m an employee and if something happens I’ve been fingerprinted and passed my background check so the liability will be on my company.” At least I felt that way and so did pretty much everyone else on the project.