A worrying 44% of IT heads use live customer data to
test applications, even though the Act forbids firms from using
data for anything other than the purpose for which it was
collected.
Ignorance is a key factor behind this misuse. Almost half the
100 IT directors surveyed by Vanson Bourne profess to be only
“vaguely familiar” with the Act, even though it was introduced
eight years ago.
Outsourcing is also compounding the problem, as 83% of the firms
rely solely on non-disclosure agreements to control data usage by
third-party application testers.
“Testing environments are inherently insecure places in which to
process live customer data, with printouts and test sheets being
left next to PCs during trials,” says Ian Clarke, worldwide
enterprise solutions director at Compuware, which sponsored the
report.
“Although businesses can afford to pay the fines placed on them
if customer data is leaked, the cost to company reputation is not
as easily recovered.”
The solution is far more complex than simply using non-live
customer data, which skews results.
One way to meet the Act and produce valid results is to exchange
known values, such as addresses, with other known values. This
disguises the customer identity, but leaves the important fields
intact.
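
The exchange of known values described above, sketched as an added example that is not from the report or from Compuware: each customer's name and address are replaced with those of another customer in the same set, while non-identifying fields stay as they were. The sample rows, field names and the function names `random_cycle` and `exchange_values` are assumptions made for illustration.

```python
import random

# Constructed sample rows: every name, address and balance is invented.
CUSTOMERS = [
    {"id": 1, "name": "Ann Ash", "address": "1 High St", "postcode": "LS1 1AA", "balance": 120.50},
    {"id": 2, "name": "Bob Birch", "address": "22 Mill Lane", "postcode": "M2 2BB", "balance": 0.00},
    {"id": 3, "name": "Cy Cedar", "address": "3 Dock Road", "postcode": "L3 3CC", "balance": -45.10},
    {"id": 4, "name": "Di Dale", "address": "44 Park Row", "postcode": "B4 4DD", "balance": 9870.00},
]

def random_cycle(n, rng):
    """Permutation of range(n) forming one cycle, so no index maps to itself."""
    order = list(range(n))
    rng.shuffle(order)
    perm = [0] * n
    for k, i in enumerate(order):
        perm[i] = order[(k + 1) % n]
    return perm

def exchange_values(records, field_groups, rng=None):
    """Return copies of records with each field group taken from another record.

    Fields in one group (address + postcode) move together so they stay
    mutually consistent; fields not listed are left untouched.
    """
    if len(records) < 2:
        raise ValueError("need at least two records to exchange values")
    rng = rng or random.SystemRandom()  # unpredictable unless a seeded rng is passed
    masked = [dict(r) for r in records]
    for group in field_groups:
        perm = random_cycle(len(records), rng)  # fresh cycle per group
        for i, src in enumerate(perm):
            for field in group:
                masked[i][field] = records[src][field]
    return masked

if __name__ == "__main__":
    for row in exchange_values(CUSTOMERS, [("name",), ("address", "postcode")]):
        print(row)
```

Exchanging values only disguises identity when the set is large enough: in a small extract, or where a field holds a rare value, a record can still be matched back to its owner.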