The issue more of interest from my perspective of privacy research is that
so many people just do not consider the simple action of randomisation
necessary in any way to exhibit respect for others.
Sad that 66% of people who apparently act in a respectful way to the people
they process data about must also become subject to coercive mechanisms
implemented across the board as a means of attempting to implement that
respect. Seems rather an odd contrast, coercing people into ethical conduct,
sort of belies the nature of a large portion of what respect is considered
to be about.
That the 44% or so of organisations whom cannot be bothered to respect the
data subjects in these circumstances are from my perceptions also those most
likely to perceive and propagate the idea that not using live data for
testing/demonstrations causes major problems/blockages, and least likely to
follow any regulative requirements indicates regulative action is not itself
an effective answer, rather a playing to particular inclinations.
Whether attaining and maintaining an ethical approach is most effective, or
the regulative sales pitch is best will no doubt depend upon the
organisation in question. If my experiences were anything to go by a
mixture of both will be required by DP practitioners.
Ian
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
> Sent: 05 July 2006 22:00
> To: [log in to unmask]
> Subject: Re: Using live data for test purposes
>
>
> The thing that alarms me is that it really is not hard to
> randomise what was once live data. Shuffle the various
> columns and what was personal data suddenly identifies no
> living individuals at all. And 44% simply can't be bothered.
> The scarier figure is the senior IT decision makers who
> don't really think the law is anything that affects them.
> I'll bet some of them are going to be affected by MiFID, and
> that seems to carry custodial sentences!
>
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> email: [log in to unmask]
> Marketing Improvement Limited, Abbey House, Grenville Place,
> Bracknell, United Kingdom, RG12 1BP
> http://www.marketingimprovement.com
>
>
>
>
> Important: This mail contains proprietary information some or
> all of which may be legally privileged. It is for the
> intended recipient only. If an addressing or transmission
> error has misdirected this email, please notify the author by
> replying to this email. if you are not the intended recipient
> you must not use, disclose, distribute, copy, print or rely
> on this email. If you are not the named recipient please
> notify us immediately. This email and any attachment(s) are
> believed to be virus-free, but it is the responsibility of
> the recipient to make all the necessary virus checks. This
> email and any attachments to it are copyright of Marketing
> Improvement Limited unless otherwise stated. Their copying,
> transmission, reproduction in whole or in part may only be
> undertaken with the express permission, in writing, of
> Marketing Improvement Limited.
>
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Simon Howarth
> Sent: 05 July 2006 21:24
> To: [log in to unmask]
> Subject: Re: [data-protection] Using live data for test purposes
>
> I know of one occasion, which I have mentioned before, of
> this happening. A very well known British company used live
> data from clients to solve problems with their systems -
> which makes sense to replicate errors. This was supposed to
> be held confidentially and then destroyed, however some
> bright (sales) spark thought it would be useful information
> for demos until someone in a demonstration piped up that this
> appeared very much to be their personal information....
>
> I know of this because I was asked informally for my advice
> on the matter, and it was, fortunately, successfully resolved.
>
> Who was it that said "Education, education, education"? ;-)
>
> Simon Howarth.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 05 July 2006 19:46
> To: [log in to unmask]
> Subject: [data-protection] Using live data for test purposes
>
> A report by Compuware being publicised at the moment is at
> last drawing attention to using live personal data for
> testing purposes and how widespread it actually is (44%). It
> may prove useful within organisations.
>
> http://www.complianceandprivacy.com/WhitePapers/Compuware-DPA-
> Research.pdf
>
> Unfortunately there is a requirement to register with the
> site linked to above, providing an e-mail address for later
> use prior to downloading the report from there.
>
> Personally I was lucky enough never to be asked to produce a
> witness statement for a system where live data had been used
> for testing.
>
> With all audit trails and security mechanisms being generally
> nullified or at least seriously weakened by such use I would
> suspect following the publicity surrounding this report that
> solicitors are very likely in the future to enquire
> particularly carefully about potential test usage during the
> lifetime of any data relevant to their clients case,
> especially if there is between a 44% and 83% chance of
> discrediting presented audit trail evidence.
>
> Ian
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|