I know of one occasion, which I have mentioned before, of this happening. A
very well known British company used live data from clients to solve
problems with their systems - which makes sense to replicate errors. This
was supposed to be held confidentially and then destroyed, however some
bright (sales) spark thought it would be useful information for demos until
someone in a demonstration piped up that this appeared very much to be their
personal information....
I know of this because I was asked informally for my advice on the matter,
and it was, fortunately, successfully resolved.
Who was it that said "Education, education, education"? ;-)
Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 05 July 2006 19:46
To: [log in to unmask]
Subject: [data-protection] Using live data for test purposes
A report by Compuware being publicised at the moment is at last drawing
attention to using live personal data for testing purposes and how
widespread it actually is (44%). It may prove useful within organisations.
http://www.complianceandprivacy.com/WhitePapers/Compuware-DPA-Research.pdf
Unfortunately there is a requirement to register with the site linked to
above, providing an e-mail address for later use prior to downloading the
report from there.
Personally I was lucky enough never to be asked to produce a witness
statement for a system where live data had been used for testing.
With all audit trails and security mechanisms being generally nullified or
at least seriously weakened by such use I would suspect following the
publicity surrounding this report that solicitors are very likely in the
future to enquire particularly carefully about potential test usage during
the lifetime of any data relevant to their clients case, especially if there
is between a 44% and 83% chance of discrediting presented audit trail
evidence.
Ian
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|