The advice of someone from the Information Commissioner's Office, when asked last week was,
"DON'T DO IT!".
Don't forget that once it is in a test environment, especially if it is left there permanently, your IT staff may modify it. It gets rather dangerous and the risk of the data getting out is too high. IT staff don't know what data is real or has been modified. It is also a license for them to look at personal details that it would be grossly unprofessional for them to access in the live environment. It violates the data protection principles and is, IMHO, wrong.
See information commissioners employment records code of practice P23.
"Give access to such information sparingly; for example, access to confidential worker information should not normally be given to technical staff for use in testing computer hardware or software. "
The answer is to copy it and write routines to anonymise it.
Janice Priestley
Project Officer
Human Resources
Leeds Metropolitan University
(the views expressed are those of myself and not necessarily those of my employer)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
