I suspect the ICO is thinking of emergency rectification of systems
where the business is dead in the water because of a failure, not run of
the mill "let's test this" scenarios.
Under those circumstances the least worst scenario is to use extreme
care and test on live data, but a minimum sample.
laura thomas wrote:
>
> For what its worth, the ICO states that live data should not be used
> except where absolutely unavoidable
>
> Laura
> ------------------------------------------------------------------------
> Date: Thu, 9 Oct 2008 12:53:04 +0100
> From: [log in to unmask]
> Subject: Re: [data-protection] Use of Live data in testing
> To: [log in to unmask]
>
> I don't disagree with the essence of your argument but sometimes the
> use of live data may be the only option. It then boils down to how you
> square the DPA circle and also ensure sufficient security controls are
> in place.
>
>
>
> System testers are paid to test systems, but they need quality test
> data to be able to do this, they have to have the tools. I am aware,
> for example, of a system development at the moment that really needs
> the broadness of live data in order to test properly. It is also
> critical that the quantity of data is the same as live in order to
> test response times to requests.
>
>
>
> Yes, you can sort column 1 from A to Z and mess around with columns,
> and this may work really well for a database of a few thousand
> records. However the database I refer to has in excess of 70 million
> records, just spragging (a technical term) the live data will take
> days. There is then the issue of several columns being dependent on
> others. Sometimes randomising is not truly an option as depending on
> the value of column X then column Y has to be a certain range of
> values which in turn affects column B and if this is randomised the
> data becomes useless. Yes, you could write something to allow this,
> but then you are developing a programme to enable you to develop a
> system, which needs testing, where does it end?
>
>
>
> Obviously test data will ideally be made up data, but sometimes this
> is simply not practical and is one area where the DPA and other
> legislation is woefully inadequate.
>
>
>
> Question -- A new system is being developed. Testing a new system is a
> form of research. Therefore couldn't testing be exempted?
>
>
>
> Simon Howarth.
>
>
>
> *From:* This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] *On Behalf Of *Tim Trent
> *Sent:* 08 October 2008 18:39
> *To:* [log in to unmask]
> *Subject:* Re: [data-protection] Use of Live data in testing
>
>
>
> Surely it all comes down to the PURPOSE for which you declared you
> would use the data when registering under the act. There is nothing
> that needs to be read here, is there?
>
> Did you declare that the data would be used for TESTING? if so then
> you can do it. If not then you can not.
>
> The excuse so often given is that "live data tests the parts of the
> system that test data cannot test."
>
> No it doesn't. The people testing the system are responsible for
> testing the system, and their job is to test the entire system. If
> you don;t test that part then live or test data is irrelevant.
>
> It is very easy to randomise fields across what was live data in order
> to render it 100% anonymous, too. Stick it in a spreadsheet, and sort
> the forename column a to z, the last name column z to a and then mess
> about with any other column. Then load that into the test system and
> enjoy it. It does not identify any living individual because it just
> cannot.
>
> --
>
> ------------------------------------------------------------------------
> *Tim Trent* - Consultant
> */Tel/*: +44 (0)7710 126618
> */web/*: ComplianceAndPrivacy.com <http://complianceandprivacy.com> -
> where busy executives go to find the news first
> */personal blog/*: timtrent.blogspot.com/ <http://timtrent.blogspot.com/>
>
> Marketing by Permission
> <http://feeds.feedburner.com/%7Er/MarketingByPermission/%7E6/1>
>
> *Important*: This message is private and confidential. If you have
> received this message in error, please notify us and remove it from
> your system. This email and any attachment(s) are believed to be
> virus-free, but it is the responsibility of the recipient to make all
> the necessary virus checks. This email and any attachments to it are
> copyright of Meadowood Associates, owners of Compliance And Privacy,
> unless otherwise stated. Their copying, transmission, reproduction in
> whole or in part may only be undertaken with the express permission,
> in writing, of Meadowood Associates, at Meadowood House, 30 Redditch,
> Bracknell, Berkshire, RG12 0TT.
> ------------------------------------------------------------------------
> All archives of messages are stored permanently and are available to
> the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):
>
> * Leaving this list: send /*leave data-protection*/ to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send /*SET * NOMAIL*/
> to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send /*SET
> data-protection NOHTML*/ to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send /*SET
> data-protection HTML*/ to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the
> *body* of an otherwise blank email to [log in to unmask]
> <mailto:[log in to unmask]>
> Any queries about sending or receiving messages please send to the
> list owner [log in to unmask]
> <mailto:[log in to unmask]>
> (Please send all commands to [log in to unmask]
> <mailto:[log in to unmask]> not the list or the moderators, and
> all requests for technical help to [log in to unmask]
> <mailto:[log in to unmask]>, the general office helpline)
> ------------------------------------------------------------------------
> ------------------------------------------------------------------------
>
> All archives of messages are stored permanently and are available to
> the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):
>
> * Leaving this list: send */leave data-protection/* to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send */SET * NOMAIL/*
> to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send */SET
> data-protection NOHTML/* to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send */SET
> data-protection HTML/* to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the
> *body* of an otherwise blank email to [log in to unmask]
> <mailto:[log in to unmask]>
> Any queries about sending or receiving messages please send to the
> list owner [log in to unmask]
> <mailto:[log in to unmask]>
> (Please send all commands to [log in to unmask]
> <mailto:[log in to unmask]> not the list or the moderators, and
> all requests for technical help to [log in to unmask]
> <mailto:[log in to unmask]>, the general office helpline)
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Win £3000 to spend on whatever you want at Uni! Click here to WIN!
> <http://clk.atdmt.com/UKM/go/111354032/direct/01/>
> ------------------------------------------------------------------------
>
> All archives of messages are stored permanently and are available to
> the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):
>
> * Leaving this list: send */leave data-protection/* to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send */SET * NOMAIL/*
> to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send */SET
> data-protection NOHTML/* to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send */SET
> data-protection HTML/* to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the
> *body* of an otherwise blank email to [log in to unmask]
> <mailto:[log in to unmask]>
>
> Any queries about sending or receiving messages please send to the
> list owner [log in to unmask]
> <mailto:[log in to unmask]>
>
> (Please send all commands to [log in to unmask]
> <mailto:[log in to unmask]> not the list or the moderators, and
> all requests for technical help to [log in to unmask]
> <mailto:[log in to unmask]>, the general office helpline)
>
> ------------------------------------------------------------------------
--
------------------------------------------------------------------------
*Tim Trent* - Consultant
*/Tel/*: +44 (0)7710 126618
*/web/*: ComplianceAndPrivacy.com <http://complianceandprivacy.com> -
where busy executives go to find the news first
*/personal blog/*: timtrent.blogspot.com/ <http://timtrent.blogspot.com/>
Marketing by Permission
<http://feeds.feedburner.com/%7Er/MarketingByPermission/%7E6/1>
*Important*: This message is private and confidential. If you have
received this message in error, please notify us and remove it from your
system. This email and any attachment(s) are believed to be virus-free,
but it is the responsibility of the recipient to make all the necessary
virus checks. This email and any attachments to it are copyright of
Meadowood Associates, owners of Compliance And Privacy, unless otherwise
stated. Their copying, transmission, reproduction in whole or in part
may only be undertaken with the express permission, in writing, of
Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell,
Berkshire, RG12 0TT.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
