The thing that alarms me is that it really is not hard to randomise what was
once live data. Shuffle the various columns and what was personal data
suddenly identifies no living individuals at all. And 44% simply can't be
bothered. The scarier figure is the senior IT decision makers who don't
really think the law is anything that affects them. I'll bet some of them
are going to be affected by MiFID, and that seems to carry custodial
sentences!
Tim Trent - Consultant
Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
email: [log in to unmask]
Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
United Kingdom, RG12 1BP
http://www.marketingimprovement.com
Important: This mail contains proprietary information some or all of which
may be legally privileged. It is for the intended recipient only. If an
addressing or transmission error has misdirected this email, please notify
the author by replying to this email. if you are not the intended recipient
you must not use, disclose, distribute, copy, print or rely on this email.
If you are not the named recipient please notify us immediately. This email
and any attachment(s) are believed to be virus-free, but it is the
responsibility of the recipient to make all the necessary virus checks. This
email and any attachments to it are copyright of Marketing Improvement
Limited unless otherwise stated. Their copying, transmission, reproduction
in whole or in part may only be undertaken with the express permission, in
writing, of Marketing Improvement Limited.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 05 July 2006 21:24
To: [log in to unmask]
Subject: Re: [data-protection] Using live data for test purposes
I know of one occasion, which I have mentioned before, of this happening. A
very well known British company used live data from clients to solve
problems with their systems - which makes sense to replicate errors. This
was supposed to be held confidentially and then destroyed, however some
bright (sales) spark thought it would be useful information for demos until
someone in a demonstration piped up that this appeared very much to be their
personal information....
I know of this because I was asked informally for my advice on the matter,
and it was, fortunately, successfully resolved.
Who was it that said "Education, education, education"? ;-)
Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 05 July 2006 19:46
To: [log in to unmask]
Subject: [data-protection] Using live data for test purposes
A report by Compuware being publicised at the moment is at last drawing
attention to using live personal data for testing purposes and how
widespread it actually is (44%). It may prove useful within organisations.
http://www.complianceandprivacy.com/WhitePapers/Compuware-DPA-Research.pdf
Unfortunately there is a requirement to register with the site linked to
above, providing an e-mail address for later use prior to downloading the
report from there.
Personally I was lucky enough never to be asked to produce a witness
statement for a system where live data had been used for testing.
With all audit trails and security mechanisms being generally nullified or
at least seriously weakened by such use I would suspect following the
publicity surrounding this report that solicitors are very likely in the
future to enquire particularly carefully about potential test usage during
the lifetime of any data relevant to their clients case, especially if there
is between a 44% and 83% chance of discrediting presented audit trail
evidence.
Ian
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|