A worrying 44% of IT heads use live customer data to test applications, even though the Act forbids firms from using data for anything other than the purpose for which it was collected.
Ignorance is a key factor behind this misuse. Almost half the 100 IT directors surveyed by Vanson Bourne profess to be only “vaguely familiar” with the Act, even though it was introduced eight years ago.
Outsourcing is also compounding the problem, as 83% of the firms rely solely on non-disclosure agreements to control data usage by third-party application testers.
“Testing environments are inherently insecure places in which to process live customer data, with printouts and test sheets being left next to PCs during trials,” says Ian Clarke, worldwide enterprise solutions director at Compuware, which sponsored the report.
“Although businesses can afford to pay the fines placed on them if customer data is leaked, the cost to company reputation is not as easily recovered.”
The solution is far more complex than simply using non-live customer data, which skews results.
One way to comply with the Act and still produce valid results is to exchange known values, such as addresses, with other known values. This disguises the customer's identity but leaves the important fields intact.
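The value exchange described above, sketched as an added example that is not from the article or the report: identifying fields are swapped between customer rows so every value stays real and well-formed, while the fields a test depends on stay with their row. The function name, field names and sample rows are assumptions constructed for illustration.

```python
import secrets

def exchange_values(records, field_groups):
    """Return masked copies of records; each field group comes from another row.

    Fields in one group (street + postcode) move together so the address
    stays internally valid. Fields not listed are left untouched.
    """
    n = len(records)
    if n < 2:
        raise ValueError("need at least two records to exchange values")
    # OS randomness: the mapping cannot be replayed from a known seed.
    rng = secrets.SystemRandom()
    masked = [dict(r) for r in records]
    for group in field_groups:
        order = list(range(n))
        rng.shuffle(order)
        # Walk the shuffled order as one cycle so no row is its own donor.
        for pos, target in enumerate(order):
            donor = records[order[(pos + 1) % n]]
            for field in group:
                masked[target][field] = donor[field]
    return masked

# Constructed sample rows (not real customers).
CUSTOMERS = [
    {"id": 1, "name": "A. Example", "street": "1 Sample Road",
     "postcode": "ZZ1 1AA", "balance": 120.50},
    {"id": 2, "name": "B. Placeholder", "street": "2 Test Lane",
     "postcode": "ZZ2 2BB", "balance": 0.00},
    {"id": 3, "name": "C. Specimen", "street": "3 Demo Close",
     "postcode": "ZZ3 3CC", "balance": -45.10},
    {"id": 4, "name": "D. Dummy", "street": "4 Mock Street",
     "postcode": "ZZ4 4DD", "balance": 9800.00},
]

# Names and addresses are exchanged independently of each other.
MASKED = exchange_values(CUSTOMERS, [("name",), ("street", "postcode")])

if __name__ == "__main__":
    for row in MASKED:
        print(row)
```

Fields left unexchanged can still point to a person when their values are rare, so the choice of field groups decides how well the identity is disguised.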