TEST DATA is NOT THE REAL DATA and should NOT BE!
1. Testing a new or enhanced application or a complete computing platform does not require the use of the real database content. The real content may be copied and "manipulated" to dissolve the actual identity of the "subjects" by a program which is developed as part of the Acceptance Tests (even for internally developed programs).
This was done for ages by the defence community, which employs contractors to develop sensitive systems for sensitive data contents.
ISO 15408 and BS 7799 have special sections for Multi Level Security Systems (where people are allowed to view and manipulate data on a "need to know" basis). One of the principles is the absolute "division" of authorisation: System and DBA are not allowed to view contents... on UNIX and some legacy systems used for the defence and law enforcement computing base this is partially available.
The generation of TEST DATA from the real data is an easy job:
1. Replace randomly names with other names from a Name Dictionary created from the real data.
2. Regenerate record unique keys for the replaced "entities"
3. Change at random some personal data like Place of Birth, Phone, Street Address... from an existing table.
This is not a big deal and it is sufficient to comply with the DP law ...
Indeed the IT experts like "live data", but they fail to generate for the test the "abnormalities" (like strange / misspelled names, non-existent place of residence, defective phone numbers), which challenge the integrity of the tested application.... This is why we IT experts do not like to plan and conduct real Acceptance Test for customers (Trust me! I know my people - I have 35 years of experience, mostly in Governments IT).
Such Test Data is also used to try out conversions from one Database Structure to another... find out discrepancies... before they are jumping at us from real life!
The training and implementation / assimilation duty of an IT manager, or CIO - does not reasonably justify the freedom to access the real personal data, which is limited to staff members who are in charge of the functions. The "trouble" lies in "HELP DESK", where the system is designed to allow the "remote" expert to view screens - when a user asks for help! In certain cases the Help Manager may also assume control of the work station and demonstrate to the user the procedure. These people should be considered "staff member" and sign a Statement of Secrecy, like any other member of the staff (even as "out-sourced" personnel).
These were measures taken long ago in USA Federal Government, in the Israel Civil Service and even in Singapore (Where I consulted).
regards
Yours
Joseph Margalit CISA, L.Lb.
Senior IT Consultant
19, Vitkin st.
Tel-Aviv 63474 Israel
Tel: ++972-3-5464642, FAX ++972-3-5463152
Mobile: ++972-58-804368
reply to: [log in to unmask]
The author is a member of the Privacy Protection Council, a statutory body established in 1986 by the Minister of Justice under the Privacy Protection Law - 1981 and reporting to the Parliament.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Wright, Tim M
Sent: Monday, October 01, 2001 10:38 AM
To: [log in to unmask]
Subject: Re: Test Data
My answer to this is "it depends". *Sometimes* the use of live data for testing a new system or enhancement will be justifiable, and indeed this was recognized as a standard purpose under the 1984 Act. (This is not contradicted by the Guidelines referred to in another response to this post.)
Tim
--
Tim M. Wright
Director - Technology Audit
Charles Schwab Europe
Tel: +44 190 852 7793
Mobile: +44 7932 669 074
Fax: +44 190 852 7593
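The three-step test-data generation described in the first message of this thread, sketched in Python as an added example (it is not part of the original thread or any poster's own code). The sample rows, the field names, and the `exact_matches` and `add_abnormalities` helpers are assumptions made for illustration.

```python
import random

# Constructed sample rows standing in for the "real" table (not real people).
REAL_ROWS = [
    {"id": "P-1001", "name": "Alice Brown", "birthplace": "Leeds", "phone": "555-0101", "balance": 120},
    {"id": "P-1002", "name": "Bob Chan", "birthplace": "Haifa", "phone": "555-0102", "balance": 75},
    {"id": "P-1003", "name": "Carla Diaz", "birthplace": "Bath", "phone": "555-0103", "balance": 310},
    {"id": "P-1004", "name": "Dev Patel", "birthplace": "York", "phone": "555-0104", "balance": 42},
]
PERSONAL_FIELDS = ("birthplace", "phone")  # assumption: which columns count as personal data

def new_key(rng):
    return f"T-{rng.getrandbits(64):016x}"

def make_test_data(rows, seed=None):
    """Apply the three steps to a list of dict rows; return (test_rows, key_map)."""
    # A seed gives repeatable test runs; without one, draw from the OS CSPRNG.
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    # Step 1: name dictionary built from the real data. First and last names are
    # drawn independently so a real pairing is not simply moved to another row.
    firsts = [r["name"].split()[0] for r in rows]
    lasts = [r["name"].split()[-1] for r in rows]
    # Step 3 source: pools of existing values, one pool per personal column.
    pools = {f: [r[f] for r in rows] for f in PERSONAL_FIELDS}
    test_rows, key_map = [], {}
    for r in rows:
        new = dict(r)  # copy, so the input rows are never modified
        new["name"] = f"{rng.choice(firsts)} {rng.choice(lasts)}"
        # Step 2: regenerate the unique key. key_map (old -> new) exists only to
        # re-key child tables and must be discarded afterwards: it links back.
        new["id"] = key_map[r["id"]] = new_key(rng)
        for f in PERSONAL_FIELDS:
            new[f] = rng.choice(pools[f])
        test_rows.append(new)
    rng.shuffle(test_rows)  # row position must not reveal the source record
    return test_rows, key_map

def exact_matches(real_rows, test_rows):
    """Count test rows whose name + personal fields still equal a real person's."""
    ident = lambda r: (r["name"],) + tuple(r[f] for f in PERSONAL_FIELDS)
    real = {ident(r) for r in real_rows}
    return sum(ident(t) in real for t in test_rows)

def add_abnormalities(test_rows, seed=None):
    """Append one defective record: misspelt name, unknown place, short phone."""
    rng = random.Random(seed)
    bad = dict(rng.choice(test_rows))
    n = bad["name"]
    bad.update(id=new_key(rng), name=n[1] + n[0] + n[2:], birthplace="ZZ-NONEXISTENT", phone="555-01")
    return test_rows + [bad]
```

Because replacement values are drawn at random from the real pools, a generated row can coincide with a real person by chance; `exact_matches` reports how many do so they can be regenerated.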