--On 01 October 2002 16:01 +0100 "Priestley, Janice [PER]"
<[log in to unmask]> wrote:
> The advice of someone from the Information Commissioner's Office, when
> asked last week was, "DON'T DO IT!".
>
> Don't forget that once it is in a test environment, especially if it is
> left there permanently, your IT staff may modify it. It gets rather
> dangerous and the risk of the data getting out is too high. IT staff
> don't know what data is real or has been modified. It is also a license
> for them to look at personal details that it would be grossly
> unprofessional for them to access in the live environment. It violates
> the data protection principles and is, IMHO, wrong.
>
> See information commissioners employment records code of practice P23.
> "Give access to such information sparingly; for example, access to
> confidential worker information should not normally be given to technical
> staff for use in testing computer hardware or software. "
>
> The answer is to copy it and write routines to anonymise it.
Could anyone share with us the sort of algorithms they are
using to do this?
I just bumped into Anonlog:
<http://anonlog.sourceforge.net/>
Does anonymising data basically boil down to:
1. Exchanging things like Forename and Surname to dictionary words.
2. Adding some offset to keys (so that relations between database tables
are preserved)?
I've heard of others "scrambling data" - i.e. leaving the fields
intact but mixing fields between records. E.g.
to use an Excel analogy, like sorting on one column
(and not sorting on the others all the same time).
Paul
--
The Library, Tyndall Avenue, Univ. of Bristol, Bristol, BS8 1TJ, UK
E-mail: [log in to unmask] URL: http://www.bris.ac.uk/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|