TEST DATA is NOT THE REAL DATA and should NOT BE!
1. Testing a new or enhanced application or a complete computing platform does not require the use of the real database content. The real content may be copied and "manipulated" to dissolve the actual identity of the "subjects" by a program which is developed as part of the Acceptance Tests (even for internally developed programs).

This was done for ages by the defence community which employs contractors to develop sensitive systems for sensitive data contents.

ISO 15408 and BS 7799 have special sections for Multi Level Security Systems (where people are allowed to view and manipulate data on a "need to know" basis). One of the principles is the absolute "division" of authorisation: System and DBA are not allowed to view contents... on UNIX and some legacy systems used for the defence and law enforcement computing base this is partially available.

The generation of TEST DATA from the real data is an easy job:
1. Replace randomly names with other names from a Name Dictionary created from the real data.
2. Regenerate record unique keys for the replaced "entities"
3. Change at random some personal data like Place of Birth, Phone, Street Address... from an existing table.

This is not a big deal and it is sufficient to comply with the DP law ...

Indeed the IT experts like "live data", but they fail to generate for the test the "abnormalities" (like strange \ misspelled names, non-existent place of residence, defective phone numbers) which challenge the integrity of the tested application.... This is why we IT experts do not like to plan and conduct real Acceptance Test for customers (Trust me! I know my people - I have 35 years of experience, mostly in Governments IT).

Such Test Data is also used to try out conversions from one Database Structure to another...  find out discrepancies... before they are jumping at us from real life!

The training and implementation \ assimilation duty of an IT manager, or CIO - does not reasonably justify the freedom to access the real personal data, which is limited to staff members who are in charge of the functions. The "trouble" lies in "HELP DESK", where the system is designed to allow the "remote" expert to view screens - when a user asks for help! In certain cases the Help Manager may also assume control of the work station and demonstrate to the user the procedure. These people should be considered "staff member" and sign a Statement of Secrecy, like any other member of the staff (even as "out-sourced" personnel).

These were measures taken long ago in USA Federal Government, in the Israel Civil Service and even in Singapore (Where I consulted).

regards
Yours


Joseph Margalit CISA, L.Lb.
Senior IT Consultant
19, Vitkin st.
Tel-Aviv 63474 Israel
Tel: ++972-3-5464642, FAX ++972-3-5463152
Mobile: ++972-58-804368
reply to: [log in to unmask] <mailto:[log in to unmask]>
The author is a member of the Privacy Protection Council, a statutory body, established in 1986 by the Minister of Justice, under the Privacy Protection Law - 1981 and reporting to the Parliament.
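
An added sketch of the three generation steps listed in the message above, together with the "abnormalities" it asks test data to contain. This is illustration code added here, not the poster's program; the table layout, field names, `T-` key format and function names are assumptions, and the sample rows are constructed.

```python
import random
import secrets

# Constructed sample rows standing in for a copy of the real table.
REAL_ROWS = [
    {"id": "P-1001", "name": "Alice Cohen", "birthplace": "Haifa", "phone": "03-5550101", "street": "1 Herzl St"},
    {"id": "P-1002", "name": "Boris Levi", "birthplace": "Leeds", "phone": "03-5550102", "street": "22 Park Rd"},
    {"id": "P-1003", "name": "Carla Ruiz", "birthplace": "Madrid", "phone": "03-5550103", "street": "7 Elm Ave"},
    {"id": "P-1004", "name": "David Tan", "birthplace": "Singapore", "phone": "03-5550104", "street": "9 Orchard Ln"},
]
FIELDS = ("name", "birthplace", "phone", "street")


def other_value(rng, pool, current):
    """Pick a value from the pool that differs from the row's own value."""
    choices = [v for v in pool if v != current]
    return rng.choice(choices or pool)


def make_test_data(rows, rng=None, anomaly_every=2):
    rng = rng or random.SystemRandom()
    # One dictionary per field, built from the real data itself.
    pools = {f: sorted({r[f] for r in rows}) for f in FIELDS}
    key_map, out = {}, []
    for i, row in enumerate(rows):
        new = dict(row)
        # Steps 1 and 3: take name and personal fields from other records.
        for f in FIELDS:
            new[f] = other_value(rng, pools[f], row[f])
        # Step 2: fresh random key, unrelated to the original one.
        key_map[row["id"]] = new["id"] = "T-" + secrets.token_hex(8)
        # Deliberate abnormalities so input validation gets exercised.
        if i % anomaly_every == 0:
            new["name"] = new["name"][1:].lower()    # misspelled name
            new["phone"] = new["phone"][:-3] + "X#"  # defective phone number
            new["street"] = "0 Nowhere St"           # non-existent residence
        out.append(new)
    return out, key_map


def leaked_rows(real, test, key_map):
    """Real ids whose test row kept the original key or any original field value."""
    by_id = {t["id"]: t for t in test}
    pairs = [(r, by_id[key_map[r["id"]]]) for r in real]
    return [r["id"] for r, t in pairs
            if t["id"] == r["id"] or any(t[f] == r[f] for f in FIELDS)]
```

`key_map` links every test key back to a real one, so use it only to rewrite foreign keys in related tables during generation and keep it out of the delivered test set.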









-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]]On Behalf Of Wright, Tim M
Sent: Monday, October 01, 2001 10:38 AM
To: [log in to unmask]
Subject: Re: Test Data


My answer to this is "it depends". *Sometimes* the use of live data for
testing a new system or enhancement will be justifiable, and indeed this was
recognized as a standard purpose under the 1984 Act. (This is not
contradicted by the Guidelines referred to in another response to this
post.)

Tim

--
Tim M. Wright
Director - Technology Audit
Charles Schwab Europe
Tel:    +44 190 852 7793
Mobile: +44 7932 669 074
Fax:    +44 190 852 7593