Just don't do it.
Whilst there are cases when the use of a copy of live data is a requirement
in order to test a system - rare, but they do exist, I can see no
justification for using live personal information for training. In my
opinion that's a folly.
In testing there are things you can put in place. A big system that I had
some IG involvement in contained in excess of 60 million individuals'
records. In order to ensure that no cross fertilisation of data could occur
and that the data could not get "out", it was put in a secure server
dedicated to the test with no external access to the outside world. Further,
the testers and developers were put in a room that was secure and the
printer they had access to was loaded with pink paper, so that any output
could be easily identified. It sounds overkill, but the nature of the system
demanded it. I spoke at length with the ICO about this and submitted a plan
to use the data, justifying its use.
Training. NO. Never. Ever. 15,000 is not a large database in the big scheme
of things so I suggest that data be generated for testing. You may think
that all is well for a while, but it only needs one person to make another
copy of the database and use it externally for it all to go wrong.
I remember a company several years ago where this happened. A sales guy
copied a database and used the information in a presentation to potential
customers. Sod's law came into play and the information that sprang up was
that of a person in the audience. Can't remember the finer details....
Simon.
Simon Howarth MBCS CITP
www.informationedge.co.uk
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Mike Gater
Sent: 28 June 2012 14:22
To: [log in to unmask]
Subject: [data-protection] Use of Live (personal) data used within training
database
Dear all,
Our organisation is about to migrate multiple HR systems (Payroll, People
data, leave / sickness absence and security screening data) into one
"single" system. ~15,000 employee details.
A copy database has been created for future tech support (testing
environment) and it has been proposed that a further copy is created and
subsequently used for system administrator training. The issue I have is
that both of these instances will have "Live" data (at the time of
migration) but will not be maintained. As you can imagine some of this data
will be rather sensitive, but I take comfort that the trainee would only
have access to see the same data that they would see within the Production
system. That said, if an individual was to move around within the
organisation, it is possible the administrator will still be able to see
data about that individual (albeit old data), when in production they would
no longer have the access/privilege to do so.
As you can see, for every comfort or justification, I find a worry or
issue..... Am I overcooking this, or are there more serious implications
than I have thought of (I have not listed all my concerns above)? Has anyone
had any experience of this scenario?
Any advice / comments would be greatly received.
Kind Regards
Mike
Records & Information Management
"The information contained in this email may be commercially sensitive
and/or legally privileged. It is intended solely for the person(s) to whom
it is addressed. If you are not a named recipient, you are on notice of its
status. Please notify the sender immediately by reply e-mail and then delete
this message from your system. You must not disclose it to any other person,
copy or distribute it or use it for any purpose.
Views expressed in this email are not necessarily those of Sellafield Ltd.
Sellafield Ltd, a company owned by Nuclear Management Partners Ltd, is
registered in England and Wales, Company number 1002607. The registered
office is situated at Booths Park, Chelford Road, Knutsford, Cheshire WA16
8QZ."
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^