See
http://shop.bsigroup.com/en/ProductDetail/?pid=000000000030100005
One school of thought is that live data should never be used in systems testing. Another school says that without live data a system can't properly be tested. There's generally a middle way.
However, what you describe fills me with concern...that's a huge amount of sensitive data just hanging around, arguably breaching all of the first seven principles.
Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Mike Gater
Sent: Thursday 28 June 2012 14:22
To: [log in to unmask]
Subject: [data-protection] Use of Live (personal) data used within training database
Dear all,
Our organisation is about to migrate multiple HR systems (Payroll, People data, leave / sickness absence and security screening data) into one "single" system. ~15,000 employee details.
A copy database has been created for future tech support (testing
environment) and it has been proposed that a further copy is created and subsequently used for system administrator training. The issue I have is that both of these instances will have "Live" data (at the time of
migration) but will not be maintained. As you can imagine some of this data will be rather sensitive, but I take comfort that the trainee would only have access to see the same data that they would see within the Production system. That said, if an individual was to move around within the organisation, it is possible the administrator will still be able to see data about that individual (albeit old data), when in production they would no longer have the access/privilege to do so.
As you can see, for every comfort or justification, I find a worry or issue..... Am I over cooking this, or are there more serious implications than I have thought of (I have not listed all my concerns above)? Has anyone had any experience of this scenario?
Any advice / comments would be greatly received.
Kind Regards
Mike
Records & Information Management
"The information contained in this email may be commercially sensitive and/or legally privileged. It is intended solely for the person(s) to whom it is addressed. If you are not a named recipient, you are on notice of its status. Please notify the sender immediately by reply e-mail and then delete this message from your system. You must not disclose it to any other person, copy or distribute it or use it for any purpose.
Views expressed in this email are not necessarily those of Sellafield Ltd.
Sellafield Ltd, a company owned by Nuclear Management Partners Ltd, is registered in England and Wales, Company number 1002607. The registered office is situated at Booths Park, Chelford Road, Knutsford, Cheshire WA16 8QZ."
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Buckinghamshire County Council
Visit our Web Site : http://www.buckscc.gov.uk
Buckinghamshire County Council Email Disclaimer
This Email, and any attachments, may contain Protected or Restricted information and is intended solely for the individual to whom it is addressed. It may contain sensitive or protectively marked material and should be handled accordingly. If this Email has been misdirected, please notify the author or [log in to unmask] immediately. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately. Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents.
Buckinghamshire County Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this email.
All GCSx traffic may be subject to recording and / or monitoring in accordance with relevant legislation.
The views expressed in this email are not necessarily those of Buckinghamshire County Council unless explicitly stated.
This footnote also confirms that this email has been swept for content and for the presence of computer viruses.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|