I am working on my SANS-GSEC certification. My paper topic is that Problem Tracking Software is great for help desks, but not well designed for use in the security area. Ex: Patient Health Information, SSNs, incident response, inappropriate web use, etc. Anyone have other items that would be considered sensitive that you would not put into problem tracking software?

~Nimh