Once you undestand the size of the problem you can start to put in place apropriate policies, procedures and security measures. If you have just one spread-sheet which contains all the personal information you store, and only two people have a business reason to access it - then it would be perfectly appropriate to pasword protect this in excel (which strongly encrypts the data - so don't forget the password!). Once this is done, tell the other person that needs access to it - and ensure they understand the importance that know one else access the data. If you want to go a step further - you could set-up logging to report on that file and see when its openned. But - that would be enough. In reality - we think it likely you will have a lot more data to deal with. And so - appropriate security, monitoring and encryption will be more complicated, as well as the process you need to put in place to properly manage the data...