Test data could breach Data Protection Act

Organisations risk being prosecuted by the Data Commissioner if they test new IT systems using live customer data.

Organisations risk being prosecuted by the Data Commissioner if they test new IT systems using live customer data.

The UK Data Protection Act permits businesses to collect and use customer data only for its intended purpose. If an organisation uses that data to test new applications it is breaking the law, according to Ian Clarke, European sales director at software tools company Compuware.

Clarke said that in his experience "businesses take a full copy of customer data and push it into the software testing environment". The result, he said, is that "developers have access to customers' sensitive data".

A survey of 100 IT departments in the UK's top 2,000 companies commissioned by Compuware found the use of live customer data in a test environment was commonplace, with 42% of IT departments questioned owning up to the practice.

Software developers often load development work on to their laptops and take work home. James Mullock, a partner at law firm Osborne Clarke said: "Being able to take data offsite poses a major risk."

Users should assess whether they need to impose tighter levels of data security within their software development operations, Mullock said.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close