New edition – order your copy now
Data Protection: Guidelines for the use of personal data in system testing (2nd Edition)
Louise Wiseman and Jenny Gordon
In an area where few documented processes exist, this book provides guidelines to the use of live personal data in system testing, in compliance with the Data Protection Act 1998 (DPA).
The book is essential reading for anyone using personal data in system testing. It can also help companies see how testing might fit with the Personal Information Management System (PIMS) described in BS 10012.
Guidelines for the use of personal data in system testing explains how live personal data can be used in system testing while complying with the Data Protection Act 1998 (DPA). Organizations have a legal obligation to respect the rights of individuals to confidentiality and privacy.
With new developments in business and information technology, personal data is increasingly easy to obtain and there are many new possibilities for its use. System testing is required to maximize the benefits of technology while reducing the risk of security breaches and the loss or destruction of data. This book shows how compliance with the DPA need not be overly complex or expensive. By effective use of risk assessment techniques, an organization can take a realistic view of the dangers while at the same time ensuring that it complies with the law.
The book does not cover the use of fictitious, scrambled or anonymized data. For organizations that don't use live data for testing, additional guidance would be required.
Contents of 'Guidelines for the use of personal data in system testing' include:
- Personal data in the e-commerce environment
- Processing under the Data Protection Act 1998
- The importance of system testing
- The Information Commissioner’s view
- Key risks in system testing
- System testing – purpose or subsidiary function?
- Alternative test groups
- Duty of confidentiality
- Matching and cleansing data
- Accuracy and limiting the data
- Retention and disposal
- Rights of individuals
- Security – Use of BS 7799 in system testing
- Physical protection of the system
- Use of technical measures in the test environment
- System testing by third parties
- Financial environments: The use of dummy or test accounts
- Disaster recovery
- International data transfer
- Appendices – Example forms and blank templates
  - Factors to consider in approaching a system testing strategy
  - Data classification table
  - Data justification table
  - Risk analysis – identification of key risks and handling strategies
Standard for data protection
BS 10012. Specification for the management of personal information in compliance with the Data Protection Act 1998
A new standard for data protection is due to be published later in 2009. For more information and to register your interest, visit www.bsigroup.com/bs10012