That's one of the reasons that the system I was involved with had the
security around it that it had, including pink paper. It never happened, but
all staff were aware that if they came across pink paper letters or other
output that it was likely to be test data and they should seek advice.
However, in 99.9% of cases live data shouldn't be used, in my opinion, but I
also understand the view that some systems cannot be tested effectively with
randomly generated data. NHS number for example cannot be randomly generated
as the tenth digit is a check digit and there is an algorithm for generating
these numbers. Mind you there's nothing to stop the DH creating "test" NHS
numbers, I suppose.
I tell you , there's some interesting discussions going on, on here, today.
Simon.
Simon Howarth MBCS CITP
www.informationedge.co.uk
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 28 June 2012 14:56
To: [log in to unmask]
Subject: Re: [data-protection] Use of Live (personal) data used within
training database
Or even worse
"The view is sometimes expressed that system testing poses no real data
protection problem, as it takes place all the time with little apparent
detriment to individuals. The following case study, which is based on a true
complaint received by the Information Commissioner's Office, shows that the
use of 'live' data to test systems can indeed cause very real problems for
individuals. A pupil was away from home at boarding school. The pupil's
parents received a letter from the local hospital informing them that their
daughter had been involved in a road accident. In fact, there had been no
accident, but the hospital had been using live patient data to test a system
for sending out letters to patients."
via
http://blog.securityactive.co.uk/2010/02/05/information-commissioners-view-o
n-using-personal-data-for-system-testing/
See also ICO's comments there.
Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: Thursday 28 June 2012 14:51
To: [log in to unmask]
Subject: Re: [data-protection] Use of Live (personal) data used within
training database
<snip>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|