JISCMail - DATA-PROTECTION Archives

Or even worse

"The view is sometimes expressed that system testing poses no real data protection problem, as it takes place all the time with little apparent detriment
to individuals. The following case study, which is based on a true complaint received by the Information Commissioner's Office, shows that the use of 'live' data to test systems can indeed cause very real problems for individuals. A pupil was away from home at boarding school. The pupil's parents received a letter from the local hospital informing them that their daughter had been involved in a road accident. In fact, there had been no accident, but the hospital had been using live patient data to test a system for sending out letters to patients."

via http://blog.securityactive.co.uk/2010/02/05/information-commissioners-view-on-using-personal-data-for-system-testing/

See also ICO's comments there.

Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681

 

-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: Thursday 28 June 2012 14:51
To: [log in to unmask]
Subject: Re: [data-protection] Use of Live (personal) data used within training database

Not exactly the same point, but another demonstration of the dangers of using live data in training environments: http://www.ico.gov.uk/what_we_cover/taking_action/~/media/documents/library/Data_Protection/Notices/durham_university_undertaking.ashx


Peter Dinsdale
Information Security Officer (Compliance)
Tel: 0191 222 6950



-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: Thursday 28 June 2012 14:39
To: [log in to unmask]
Subject: Re: [data-protection] Use of Live (personal) data used within training database

Just don't do it.

Whilst there are cases when the use of a copy of live data is a requirement in order to test a system - rare, but they do exist, I can see no justification for using live personal information for training. In my opinion that's a folly.

In testing there are things you can put in place. A big system that I had some IG involvement in contained in excess of 60 million individuals'
records. In order  to ensure that no cross fertilisation of data could occur and that the data could not get "out", it was put in a secure server dedicated to the test with no external access to the outside world. Further, the testers and developers were put in a room that was secure and the printer they had access to was loaded with pink paper, so that any output could be easily identified. It sounds overkill, but the nature of the system demanded it. I spoke at length with the ICO about this and submitted a plan to use the data and justifying its use. 

Training. NO. Never. Ever. 15,000 is not a large database in the big scheme of things so I suggest that data be generated for testing.  You may think that all is well for a while, but it only needs one person to make another copy of the database and use it externally for it all to go wrong.

I remember a company several years ago where this happened. A sales guy copied a database and used the information in a presentation to potential customers. Sod's law came into play and the information that sprang up was that of a person in the audience. Can't remember the finer details....


Simon.

Simon Howarth MBCS CITP
www.informationedge.co.uk




-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Mike Gater
Sent: 28 June 2012 14:22
To: [log in to unmask]
Subject: [data-protection] Use of Live (personal) data used within training database

Dear all,

Our organisation is about to migrate multiple HR systems (Payroll, People data, leave / sickness absence and security screening data) into one "single" system. ~15,000 employee details.

A copy database has been created for future tech support (testing
environment) and it has been proposed that a further copy is created and subsequently used for system administrator training. The issue I have is that both of these instances will have "Live" data (at the time of
migration) but will not be maintained. As you can imagine some of this data will be rather sensitive, but I take comfort that the trainee would only have access to see the same data that they would see within the Production system. That said, if an individual was to move around within the organisation, it is possible the administrator will still be able to see data about that individual (albeit old data), when in production they would no longer have the access/privilege to do so.

As you can see, for every comfort or justification, I find a worry or issue..... Am I over cooking this, or are there more serious implications than I have thought of (I have not listed all my concerns above)? Has anyone had any experience of this scenario?

Any advice / comments would be greatly received.

Kind Regards
Mike
Records & Information Management


"The information contained in this email may be commercially sensitive and/or legally privileged. It is intended solely for the person(s) to whom it is addressed. If you are not a named recipient, you are on notice of its status. Please notify the sender immediately by reply e-mail and then delete this message from your system. You must not disclose it to any other person, copy or distribute it or use it for any purpose.  

Views expressed in this email are not necessarily those of Sellafield Ltd.

Sellafield Ltd, a company owned by Nuclear Management Partners Ltd, is registered in England and Wales, Company number 1002607. The registered office is situated at Booths Park, Chelford Road, Knutsford, Cheshire WA16 8QZ."

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buckinghamshire County Council
Visit our Web Site : http://www.buckscc.gov.uk Buckinghamshire County Council Email Disclaimer

This Email, and any attachments, may contain Protected or Restricted information and is intended solely for the individual to whom it is addressed.  It may contain sensitive or protectively marked material and should be handled accordingly.  If this Email has been misdirected, please notify the author or [log in to unmask] immediately.  If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately.  Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify.  You should therefore carry out your own anti-virus checks before opening any documents.  

Buckinghamshire County Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this email. 

All GCSx traffic may be subject to recording and / or monitoring in accordance with relevant legislation.

The views expressed in this email are not necessarily those of Buckinghamshire County Council unless explicitly stated.

This footnote also confirms that this email has been swept for content and for the presence of computer viruses.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^