Sorry for the repeat, but the MailerDeamon email sniffer thing is truly stupid... This is the fourth attempt to send this reply!!

Personally, I'd write or have someone else write, a .Net application (VB or C#) that can trawl through the tables you have. Within it you would be able to include enough logic to provide a suitable screening of each field.A) You can have it read the sys tables so the program will pick up the names of the tables and columns (attributes), across multiple databases if necessary, and then process them sequentially.B) Include a list held in another table containing information on the sensitive material (no, not actual SocSec numbers but the types of pattern needed to be looked for, and perhaps specific catch words).This would obviously be extendable as more records can be added as "new" things come to mind.C) The App/prog' can sit there and chew on the data for as long as it takesD) publish reports or dump appropriate information in tables for later reporting or export, the output from which can be analysed independantly of theprog's run; i.e. even tho the prog is still running, reports can be run against it listing the ever increasing information.E) The prog would include in its reportable data the database name, the table name, the column and the specific information it deems suspicious or sensitive.F) You get to call it something catchy like... Carnivore....Trying to do this with anything other than a specific application is going to be a nightmare!You have my sympathies!Jeremy GreavesFenris Software Consulting, Inc
MS Sql Server LazyDBA home page