The point is that anything that comes up on the screen can be stolen in one way or another. As somebody explained above: one record at a time, taking photos, taking screen captures, etc. No matter which software is in use.
I'm still a student and too new to databases to give any opinion on this. I can only talk about our system here and how the organizations and offices try to keep personal data from being sold.
Our system here doesn't show any personal data on the screen. Even the staff that we are talking to don't know anything about our personal info. Imagine I go to a travel agency and book a flight. The lady only knows my ID. This is the ID I was given the first time I used that store. She knows nothing about my name, my mobile No., or even my mail address. Her screen only shows my ID and the details about my flight. The only things she knows about me are the young kid sitting in front of her, my ID and the info about my travel.
If I call them later and ask for a change in my plan, they don't ask for my name. They ask for my ID, then for my password to be sure I'm me and not someone else. The password process is safe. They put the telephone on hold, and a message tells me to enter my password using my mobile's keys and add a # at the end to show I'm done. And even during this process I can hear a noise. This noise is to prevent the staff from listening to the sound of my key presses and guessing what my password may be. The staff just wait until the system checks my password against my ID.
If the staff member receives a message on her screen that my password has passed, she can continue with the changes that I want. The changes to my purchase are mailed to me after it's done. It's another automatic procedure behind the curtain. Nobody knows my actual name, address, mail, tel. No. or anything else.
The point is: don't show personal data on screen. As I said in my first post above, using SQL Server as the backend and password-protecting the server is the first factor to think about. Confidential data is encrypted and is separated into numerous tables in SQL Server. The front end contains nothing except forms to show only a part of the data. One should be smart enough to write a solution to prevent data theft. I accept that using a stand-alone program written in C# or other languages is a better choice. But even Access as a front end can be used in a way to prevent data theft if the program is written in a way that gives no clues about what's happening behind the curtain. (Nothing is 100% secure.)
PS: Once during one of our classes, I had a chance to check an actual database that had been used about 10 years ago as the BE of a mobile shop. The tables had been emptied and filled with unreal data.
There were 24 tables for saving customers' postal addresses. Even having the database, we had no clue how to pull out a customer's full name and his postal address.
Once again, it's not that I'm trying to say any idea above is wrong. I'm still a student and know nothing about the depth of this world.
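
The layout described in the post above, sketched as an added T-SQL example that is not part of the original post: staff forms read a view holding only the customer ID and travel details, and the phone system records a pass/fail result for the password check. All schema, table, procedure and role names are hypothetical, and a salted SHA-256 of the PIN is assumed only to keep the sketch short.

```sql
-- Added example; every object name here is hypothetical.
CREATE SCHEMA pii AUTHORIZATION dbo;
GO
CREATE SCHEMA desk AUTHORIZATION dbo;
GO
-- Personal data sits in its own schema; no staff form ever binds to it.
CREATE TABLE pii.Customer (
    CustomerID int           NOT NULL PRIMARY KEY,
    FullName   nvarchar(100) NOT NULL,
    Email      nvarchar(254) NOT NULL,
    PinSalt    varbinary(16) NOT NULL,
    PinHash    varbinary(32) NOT NULL  -- HASHBYTES('SHA2_256', PinSalt + PIN)
);
CREATE TABLE desk.Booking (
    BookingID  int          NOT NULL PRIMARY KEY,
    CustomerID int          NOT NULL REFERENCES pii.Customer(CustomerID),
    FlightNo   varchar(10)  NOT NULL,
    DepartsAt  datetime2(0) NOT NULL
);
-- Outcome of each PIN check; the PIN itself is never stored here.
CREATE TABLE desk.PinCheck (
    CustomerID int          NOT NULL,
    CheckedAt  datetime2(0) NOT NULL DEFAULT SYSUTCDATETIME(),
    Passed     bit          NOT NULL
);
GO
-- The staff form reads this view: customer ID and travel details only.
CREATE VIEW desk.StaffBooking AS
    SELECT BookingID, CustomerID, FlightNo, DepartsAt FROM desk.Booking;
GO
-- Called by the phone system with the keyed-in digits; records pass/fail.
CREATE PROCEDURE desk.VerifyPin @CustomerID int, @Pin varchar(12)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Passed bit = 0;
    SELECT @Passed = 1 FROM pii.Customer
    WHERE CustomerID = @CustomerID
      AND PinHash = HASHBYTES('SHA2_256', PinSalt + CAST(@Pin AS varbinary(12)));
    INSERT desk.PinCheck (CustomerID, Passed) VALUES (@CustomerID, @Passed);
END;
GO
CREATE ROLE frontdesk;  -- staff front end (Access forms or any other client)
CREATE ROLE ivr;        -- phone system that collects the keypad digits
GRANT SELECT  ON desk.StaffBooking TO frontdesk;
GRANT SELECT  ON desk.PinCheck     TO frontdesk;
GRANT EXECUTE ON desk.VerifyPin    TO ivr;
DENY SELECT, INSERT, UPDATE, DELETE ON SCHEMA::pii TO frontdesk;
DENY SELECT, INSERT, UPDATE, DELETE ON SCHEMA::pii TO ivr;
```

Because every object is owned by dbo, ownership chaining lets the view and the procedure reach the base tables while neither role can query them directly.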