One principle of web site design for the Exchanges to follow is "Defense in Depth": don't depend on a single feature for your security. Every part of the system requires minimum access privileges and very fine-grained audit controls and monitoring. If someone has permission to access a database, that access should be further restricted to the tables and rows that are appropriate. This goes all the way down to every file on every system in the enterprise: who owns it, who can read it (and how often!), who can change it, who can delete it. Keep in mind that once data is read, it can be let loose in the wild with only a few more steps. All of that has to be monitored and logged, and the system must do it automatically, with alerts to the watchers.
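As an added illustration, not part of the original text, here is a small Python model of these rules: default-deny grants scoped to one principal, one table or file and optionally the rows within it, an audit record for every decision, and an automatic alert when a principal reads the same resource more often than a limit inside a sliding window. Principals, resource names and thresholds are constructed for the example.

```python
from collections import defaultdict, deque


class AccessGate:
    """Mediates every access, records it, and raises alerts automatically."""

    def __init__(self, read_limit=3, window_seconds=60):
        self.grants = {}        # (principal, resource) -> frozenset of actions
        self.row_filters = {}   # (principal, resource) -> predicate over one row
        self.audit = []         # every decision, allowed or denied
        self.alerts = []        # messages for the watchers
        self.read_limit = read_limit
        self.window = window_seconds
        self._reads = defaultdict(deque)   # (principal, resource) -> read times

    def grant(self, principal, resource, actions, row_filter=None):
        """Least privilege: a grant names the exact actions, and optionally
        a row-level predicate, for one principal on one resource."""
        self.grants[(principal, resource)] = frozenset(actions)
        if row_filter is not None:
            self.row_filters[(principal, resource)] = row_filter

    def request(self, principal, resource, action, row=None, now=0.0):
        """Default deny. Returns True only if a matching grant exists and,
        for row-scoped access, the row passes the principal's filter."""
        key = (principal, resource)
        allowed = action in self.grants.get(key, frozenset())
        row_filter = self.row_filters.get(key)
        if allowed and row is not None and row_filter is not None:
            allowed = bool(row_filter(row))
        # Every decision is logged, including denials, so watchers see probing.
        self.audit.append({"t": now, "who": principal, "what": resource,
                           "action": action, "allowed": allowed})
        if allowed and action == "read":
            self._track_read(key, now)
        return allowed

    def _track_read(self, key, now):
        """Reads are the path out of the enterprise, so count them per principal
        and resource inside a sliding window and alert past the limit."""
        times = self._reads[key]
        times.append(now)
        while times and now - times[0] > self.window:
            times.popleft()
        if len(times) > self.read_limit:
            self.alerts.append(f"{key[0]} read {key[1]} {len(times)} times "
                               f"in {self.window}s")
```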