Creating artificial data is not only time-consuming and expensive, but it does not reproduce the real environment, subsequently most companies rather use production data for testing purposes, states Jo~ao de Oliveira, MigrationWare sales director.
He says that security around personal data tends to be less stringent in the testing than it is in the production environment and companies failing to take correct measures to protect their data are putting people's personal information at risk.
In Europe, all organisations have had to implement a data protection policy. The implications of non-compliance are significant, with guilty organisations facing the possibility of being put out of business, or having their directors held personally culpable, explains De Oliveira.
Locally, government is working on the Protection of Personal Information Bill and a new body, the Information Protection Commission, will be established to monitor and enforce compliance with the Act, he says.
De Oliveira suggests that companies looking to comply with future legislation should start putting into place appropriate de-identification practices to ensure sensitive personal or financial data is not at risk during software testing.
"This can be done on the database level by data masking, which removes data elements containing sensitive information, making it impossible to trace personal information from representative production data," states De Oliveira.
Software development and testing can still be performed through the generation of representative subsets of production data which have been masked. This allows for accurate, secure and reliable generation of test data, while ensuring they meet the latest compliance and privacy regulations, he concludes.
Related stories:
Security Summit 2008 excites
Complex malware needs stricter security
Cyber-crime on the increase everywhere
Web 2.0 brings security risks
Simple identity management is not enough
Share