JISCMail - DATA-PROTECTION Archives

Afternoon all - hopefully an easy Friday afternoon question.


I am new to practicing Data Protection, whilst I am comfortable with current DP legislation I would be interested in hearing the views of experienced DPO's.


As a Local Authority we have a legal obligation to carry out a Boundary Review and we have an issue.  We 'want/have to' to use live data in the test system.  I have been told that there it can't be anonymised nor can we obtain dummy data.  The system is over 20 years and we do have a project underway to replace it.  They system is Acolaid in case you've heard of it and is used by Planning, Building Control, Environmental Health and Land Charges.


I am aware of a recent discussion regarding the use of 'live' data in a training situation and someone mentioned a BSI document dating back to 2009, it was on the use of live data in a test environment which I found very useful, particularly when my opposers are saying this is new under GDPR and I have been saying this was the case under DPA98.  However I have been asked to reach out to DPO colleagues for their input and experience as we have 2 schools of thought:-


  1.  Live data cannot be used in both live and test environments - because we haven't told people, its not the reason we collected the data etc. the DP Principles.
  2.  Live data can be used in both live and test environments - I am working with several people who once worked in private industry and are now LA, some as little as 3 yrs ago, up to 20+ years ago and they say its always been common to use live data and its not an issue, is that because its not an issue or because they haven't been practicing data protection properly.....


To cover off this particular request we are carrying out a DPIA which will detail why it really has to be live data, why dummy or anonymised data cannot be used.  So we will be doing it by exception.  However as I said above I have been asked to get feedback from experienced DPO's on what has been the norm to date.


Thank you everyone


Have a lovely weekend...



Mrs Cheryl Lincoln
Information Governance Manager (DPO)
Havant Borough Council and East Hampshire District Council
Direct Dial: 02392 446568

Havant Borough Council
Public Service Plaza
Civic Centre Road Havant PO9 2AX
www.havant.gov.uk<http://www.havant.gov.uk/>
www.facebook.com/havantboroughcouncil<http://www.facebook.com/havantboroughcouncil>
www.twitter.com/havantborough<http://www.twitter.com/havantborough>

and

East Hampshire District Council
Penns Place
Petersfield GU31 4EX
www.easthants.gov.uk<http://www.easthants.gov.uk/>
www.facebook.com/easthampshiredistrictcouncil<http://www.facebook.com/easthampshiredistrictcouncil>
www.twitter.com/easthantsdc<http://www.twitter.com/easthantsdc>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^