There is a very useful publication from the BSI - BIP 0002 - Guidelines for
the use of personal data in system testing - which has been endorsed by
both the ICO and the FSA. This covers the restricted circumstances in which
it is appropriate to use live data, or copies of it, in testing.
However, having spent over 30 years in IT before moving into Data
Protection I would ask whether it is really true that a specific anomaly
can occur that simply can't be replicated using dummy data. It may well be
that a test data set does not contain a record which replicates that case -
but is it really not possible to add records which replicate it in a manner
which does not identify a living individual? It may well be that it is
costly and takes some extra effort - which maybe the IT people or system
users don't wish to expend but that doesn't mean it's impossible.
Indeed, if the test data set has been properly created - i.e. specifically
constructed to test all the conditions covered by the system spec then the
"anomaly" should be covered. One comforting factor about properly
constructed test datasets (which no live dataset can ever provide because
one simply does not know its contents) is that one knows the inputs so can
confidently predict the outputs).
Regards,
Graham
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|