IT directors could be in breach of the Data Protection Act because they are using live customer data to test their applications.
In a study of 100 senior IT professionals by Vanson Bourne for IT services firm Compuware, 44% said they used live customer data to test applications. The Data Protection Act forbids the use of data for purposes other than those for which it was collected.
Richard Hodkinson, IT and operations director at solicitors Irwin Mitchell, said, "It is ill-advised to use live data [for application testing]; a subset of data should be taken. I feel that to err on the side of caution and generate a fictitious set of data for testing would be route one."
Dharmish Mistry, chief operating and technology officer at IT services firm Edge IPK, recommended that organisations depersonalise test data by changing characters in a name or address. But they should ensure that the information cannot be deciphered to reveal customers' identities. Automated tools exist to do this.
End-users should be involved in the application tests where possible, he said, because they are authorised to use the live customer data. Audit and access trails are also essential, said Mistry, to track the individuals involved with the live data. This is particularly useful with outsourced tests.
The government's information commissioner said that organisations needed to take effective security precautions at all times.
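An added illustration of the depersonalisation advice above (not code from the article or from any tool it mentions): shifting characters in a name is trivially undone, whereas a keyed HMAC token keeps records joinable across tables without being decipherable. The sample records, function names and token format are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; not real customer data.
CUSTOMERS = [
    {"id": 1, "name": "Alice Example", "address": "1 Sample Street, Leeds"},
    {"id": 2, "name": "Bob Placeholder", "address": "22 Test Road, Sheffield"},
    {"id": 3, "name": "Alice Example", "address": "9 Mock Lane, York"},
]

def shift_chars(text, k=3):
    """Weak approach: shift each letter by k. Anyone can shift back."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def pseudonym(value, key, prefix):
    """Keyed one-way token: the same input always gives the same token, so
    joins still work, but without the key nobody can recompute the token or
    test guessed names against it."""
    normalised = value.strip().lower().encode("utf-8")
    digest = hmac.new(key, normalised, hashlib.sha256).hexdigest()
    return f"{prefix}-{digest[:12]}"

def depersonalise(rows, key):
    """Return test-safe copies: ids are kept, name and address are replaced."""
    return [
        {"id": r["id"],
         "name": pseudonym(r["name"], key, "NAME"),
         "address": pseudonym(r["address"], key, "ADDR")}
        for r in rows
    ]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated and held outside the test environment
    weak = shift_chars(CUSTOMERS[0]["name"])
    print(weak, "->", shift_chars(weak, -3))  # shifting back reveals the name
    for row in depersonalise(CUSTOMERS, key):
        print(row)
```

The key must stay with the team that produces the test extract; if it travels with the data, the tokens can be matched against guessed names.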