Morning all, Our organisation is committed to compliance with the British Standard 7799: Information Security Management (ISO/IEC 17799:2000(E)). The following is an extract:- "10.4.2 Protection of system test data Test data should be protected and controlled. System and acceptance testing usually requires substantial volumes of test data that are as close as possible to operational data. The use of operational databases containing personal information should be avoided. If such information is used, it should be depersonalized before use. The following controls should be applied to protect operational data, when used for testing purposes. a) The access control procedures, which apply to operational application systems, should also apply to test application systems. b) There should be separate authorization each time operational information is copied to a test application system. c) Operational information should be erased from a test application system immediately after the testing is complete. d) The copying and use of operational information should be logged to provide an audit trail." Interesting article at http://www.out-law.com/php/page.php? age_id=systemtestingwith1065526767&area=news and the BSI guide advertised at http://www.bsi- global.com/ICT/Security/bip0002.xalter costs £75 My own view is that the subject information provisions apply. ie "Have we told data subjects their personal data will be used for testing?" "Er, no", is the usual answer. Then follows, "Do you want to tell them or shall I?" Regards MD ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^