
Information Commissioner’s View on Using Personal Data for System Testing

Following on from my recent post on “Doing the right thing when testing with production data”, I was discussing my frustration with a colleague at work and they told me to take a look at a copy of the “Data Protection: Guidelines for the Use of Personal Data in System Testing” document. We had an old copy, and this is a statement from the ICO, in 2003 I believe. There is an updated 2009 version, but I don’t have access to this, so I am unable to comment. Either way it’s a useful snippet to share with everyone.

The Information Commissioner’s view
The ICO advises that the use of personal data for system testing should be avoided. Where there is no practical alternative to using ‘live’ data for this purpose, systems administrators should develop alternative methods of carrying out system testing. Should the Information Commissioner receive a complaint about the use of personal data for system testing, his first question to the data controller would be to ask why no alternative to the use of ‘live’ data had been found.

Key risks in system testing
There are a number of general risks that exist whenever system testing is undertaken using live data and/or a live environment.

These are as follows:
• unauthorized access to data;
• unauthorized disclosure of data;
• intentional corruption of data;
• unintentional corruption of data;
• compromise of source system data where appropriate;
• loss of data;
• inadequacy of data;
• objections from customers.

There will of course also be sector-specific risks peculiar to each individual business, each type of business and each particular system. Before commencing any system testing, it is advisable for the data controller to undertake a risk assessment identifying the nature of the risks that apply, their possible impact and planned handling strategies.

A cautionary tale
The view is sometimes expressed that system testing poses no real data protection problem, as it takes place all the time with little apparent detriment to individuals. The following case study, which is based on a true complaint received by the Information Commissioner’s Office, shows that the use of ‘live’ data to test systems can indeed cause very real problems for individuals. A pupil was away from home at boarding school. The pupil’s parents received a letter from the local hospital informing them that their daughter had been involved in a road accident. In fact, there had been no accident, but the hospital had been using live patient data to test a system for sending out letters to patients.