On Mon, 2008-03-31 at 18:21 +0000, sanjay sharma wrote:
> overkill. Compliance requirement for storing private data arises from
> each organizations own declared privacy policies and statutory bodies
> like privacy commissioners and other privacy watchdogs. These
> standards are not as strict as PCI, HIPPA or Sarnabes-Oxley
>
> Compliance with HIPPA regulation requires not only maintaining all
> records of who created and updated the record but also who accessed
> and viewed records, when and in what context.
you'd be much better served in this case by implementing se-postgresql
with an appropriate policy...
it would allow you to do all that you need and more :-)