Anyone who was at the Institutional Web Managers Workshop in
Glasgow this year will remember the unfortunate guy who while
talking about his institution's intranet student data system
was happily showing us screen shots of live student data, with
all sorts of personal information being revealed...
Charles - did you tell him where he went wrong? I didn't have
the heart...!
Best wishes,
Adrian
> -----Original Message-----
> From: J F Hitches [mailto:[log in to unmask]]
> Sent: 01 October 2002 15:42
> To: [log in to unmask]
> Subject: Re: DPA and Test Data
>
>
> The Act does not specifically say that real data must not be used
> as test data. However, the use of live data as test data has to
> be in accordance with the Act (it still remains personal data)
> and therefore has to meet all the principles and be properly
> justified in relation to a Schedule 2 condition (and a schedule 3
> for sensitive data).
>
> Do you tell data subjects that their live data will be used to
> test systems and therefore may be accessible to trainees,
> external company engineers, etc.? That it will be accessible to
> people who would otherwise have no reason to access their
> personal data?
>
> Would you be happy if your own data was used as test data and, as
> a result, some was amended? Someone then reads the amended test
> data and forms an opinion of you based on that incorrect
> amendment - they assume that it is still correct live data.
>
> It is still personal data even though in the test environment. It
> should therefore be accurate and up to date, but it has now been
> erroneously amended and is therefore in breach of the Act.
>
> Therefore, although the Act does not spell out that you cannot
> use live data for testing you would be a brave person for doing
> so.
>
> John
> John F Hitches
> General Administrative Manager
> Kingston University
> River House
> 53 / 57 High Street
> Kingston Upon Thames
> Surrey KT1 1LQ
> Telephone 020 8547 7768
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|