Live-data app tests may break law, firms warned

IT directors could be in breach of the Data Protection Act because they are using live customer data to test their applications.

In a study of 100 senior IT professionals by Vanson Bourne for IT services firm Compuware, 44% said they used live customer data to test applications. The Data Protection Act forbids the use of data for purposes other than those for which it was collected.

Richard Hodkinson, IT and operations director at solicitors Irwin Mitchell, said, "It is ill advised to use live data [for application testing], a subset of data should be taken. I feel that to err on the side of caution and generate a fictitious set of data for testing would be route one."

Dharmish Mistry, chief operating and technology officer at IT services firm Edge IPK, recommended that organisations depersonalise test data by changing characters in a name or address. But they should ensure that the information cannot be deciphered to reveal customers' identities. Automated tools exist to do this.

End-users should be involved in the application tests where possible, he said, because they are authorised to use the live customer data. Audit and access trails are also essential, said Mistry, to track the individuals involved with the live data. This is particularly useful with outsourced tests.

The government's information commissioner said that organisations needed to take effective security precautions at all times.
