Experts in Data Privacy

Rebecca Herold

What IT Leaders Need to Know About Using Production Data for Testing

There are many issues involved with using live production data, particularly real personally identifiable information (PII), for test and demo purposes. For many years it has been the norm within organizations to use copies of production data for testing during applications and systems development. However, over the past few years this practice has become an increasingly bad idea given all the new privacy laws and regulations, identity theft cases, insider-instigated fraud, increased customer awareness, and the growing number of companies that outsource applications development, testing and quality assurance. In my latest podcast I discuss the importance of and reasons for using data that does not include real, production PII for test and development purposes.

Data De-identification and Masking Methods

There is increasing concern about the use of real personally identifiable information (PII) for test and development purposes. I'm also increasingly concerned about the use of PII by sales representatives who are showing demos to potential clients. I was recently surprised to see a vendor showing me a demo of his security software using the actual production data of his clients, which included a vast amount of PII about his clients' customers, such as names, social security numbers and credit card numbers. He had accumulated this information while doing work for the clients with the software. Needless to say, his demo turned into a long discussion about the risks involved with this practice. Such a practice is an incident and lawsuit waiting to happen. Unfortunately, the sales staff at many companies use production data for demo purposes. And it's not just software vendors. Insurance representatives often show their potential clients demos using PII, as do financial organizations and healthcare companies, and potentially those in other industries. Do you know if your sales staff is using your production data?

About Rebecca Herold

Rebecca Herold, CISSP, CISA, CISM, FLMI, has over 16 years of experience as an information technology and information security, privacy and compliance professional. Rebecca created the Information Protection program at Principal Financial Group where she worked for 12 years. Rebecca has authored 6 books to date, many book chapters and dozens of articles, and is an adjunct professor for the Norwich University Master of Science in Information Assurance (MSIA) program. Contact Rebecca with questions at rebeccaherold@rebeccaherold.com.